Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1541108
MD5: 4f84f1e06697752092aefec38c505e32
SHA1: ec8983c0f3f687d6d1f071da1508de63949fa050
SHA256: 87e74ee7443a17d2626ca5d33032913d139a2ea156d2afb4b4213ea49da4a3dd
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6244 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4F84F1E06697752092AEFEC38C505E32)
    • taskkill.exe (PID: 6220 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6096 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1836 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5808 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5868 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 6444 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6544 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6548 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2080 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3a02f6-4639-4242-a5b9-9a48f9196107} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d59556db10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7756 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4244 -parentBuildID 20230927232528 -prefsHandle 2760 -prefMapHandle 4236 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa7db3e-6923-4036-bba0-8e3b5e3a72b8} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a76ed910 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7364 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7a4d4c-5c4b-4992-9801-409195ea74b6} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a92acb10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000003.1718839578.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
Process Memory Space: file.exe PID: 6244 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |

No Sigma rule has matched
No Suricata rule has matched
AV Detection

Source: file.exe | ReversingLabs: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.6% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_004DDBBE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E68EE FindFirstFileW,FindClose,0_2_004E68EE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_004E698F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004DD076
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004DD3A9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_004E9642
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_004E979D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_004E9B2B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_004E5C97
Source: firefox.exe | Memory has grown: Private usage: 42MB later: 200MB
Source: unknown | Network traffic detected: DNS query count 31
Source: Joe Sandbox View | IP Address: 151.101.1.91 151.101.1.91
Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View | IP Address: 34.160.144.191 34.160.144.191
Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004ECE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_004ECE44
Source: global traffic | HTTP traffic detected:
    GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Source: global traffic | HTTP traffic detected:
    GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %*://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1812200504.000001D5A5E2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837060795.000001D5A37BF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1836936015.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8D6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD6DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1836936015.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8D6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD6DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1843465685.000001D5AEC3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871688979.000001D5AEC3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1860587701.000001D5AEC3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: __MSG_extensionDescription__main/nimbus-desktop-experimentsFailed to flush browser: __MSG_searchUrlGetParams__OptionalPermissionNoPromptrs-experiment-loader-timernimbus-desktop-experimentsnimbus-desktop-experimentsoptInToExperiment/recipe<UpdateSessionStoreForStoragehttps://www.amazon.co.uk/https://www.wikipedia.org/main/nimbus-desktop-experimentshttps://www.aliexpress.com/https://www.leboncoin.fr/https://www.facebook.com/_validateBranches/schema<initEntry/entry.cancelPromise< equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1836936015.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1836936015.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8D6B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000002.2916507597.000001E521F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A3270C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.2916507597.000001E521F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A3270C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000002.2916507597.000001E521F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A3270C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1843465685.000001D5AEC3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871688979.000001D5AEC3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1860587701.000001D5AEC3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000D.00000003.1883171755.000001D5A6C0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
      Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: youtube.com
      Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
      Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: example.org
      Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
      Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
      Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
      Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
      Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
      Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
      Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
      Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
      Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
      Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
      Source: global trafficDNS traffic detected: DNS query: www.youtube.com
      Source: global trafficDNS traffic detected: DNS query: www.facebook.com
      Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
      Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
      Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
      Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
      Source: global trafficDNS traffic detected: DNS query: www.reddit.com
      Source: global trafficDNS traffic detected: DNS query: twitter.com
      Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
      Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
      Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
      Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
      Source: firefox.exe, 0000000D.00000003.1873649948.000001D5A7636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A7636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
      Source: firefox.exe, 0000000D.00000003.1873649948.000001D5A7636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A7636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
      Source: firefox.exe, 0000000D.00000003.1873649948.000001D5A7636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A7636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
      Source: firefox.exe, 0000000D.00000003.1873649948.000001D5A7636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A7636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
      Source: firefox.exe, 0000000D.00000003.1835632854.000001D5A7696000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
      Source: firefox.exe, 0000000D.00000003.1794297032.000001D5A7C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867306015.000001D5A739F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
      Source: firefox.exe, 0000000D.00000003.1791510476.000001D5AD563000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1857914431.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
      Source: firefox.exe, 0000000D.00000003.1791510476.000001D5AD563000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
      Source: firefox.exe, 0000000D.00000003.1810762214.000001D5A6B2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
      Source: firefox.exe, 0000000D.00000003.1830951011.0000172C4FF03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
      Source: firefox.exe, 0000000D.00000003.1830951011.0000172C4FF03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0
      Source: firefox.exe, 0000000D.00000003.1737926317.000001D5A7670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1875413424.000001D5A5590000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1834057222.000001D5A6B88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1836412848.000001D5A7382000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1737926317.000001D5A76D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1850694936.000001D5A7EA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866203123.000001D5A7670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812706443.000001D5A6B8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1838966743.000001D5A5862000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1802454409.000001D5AD46A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795896796.000001D5A7382000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1751539976.000001D5A74F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1799375073.000001D5A8B51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1838199230.000001D5A5824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812706443.000001D5A6B41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791396656.000001D5AD61F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1710154485.000001D5A5862000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849138860.000001D5A8827000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1843100374.000001D5A55A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1842970701.000001D5A586F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1802454409.000001D5AD45B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
      Source: firefox.exe, 0000000D.00000003.1830951011.0000172C4FF03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0N
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.thawte.com0
      Source: firefox.exe, 0000000D.00000003.1868188555.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874121050.000001D5A730E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
      Source: firefox.exe, 0000000D.00000003.1791396656.000001D5AD611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0.
      Source: firefox.exe, 0000000D.00000003.1868188555.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874121050.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791396656.000001D5AD611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
      Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://www.mozilla.com0
      Source: firefox.exe, 0000000D.00000003.1870450304.000001D5AF962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
      Source: firefox.exe, 0000000D.00000003.1873649948.000001D5A7636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A7636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
      Source: firefox.exe, 0000000D.00000003.1737592185.000001D5A77BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858892391.000001D5A77BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795628289.000001D5A77BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
      Source: firefox.exe, 0000000D.00000003.1737592185.000001D5A77BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858892391.000001D5A77BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795628289.000001D5A77BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulh
      Source: firefox.exe, 00000010.00000003.1735153199.000001E522BFD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2922493690.000001E522BFD000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.13.drString found in binary or memory: http://www.videolan.org/x264.html
      Source: firefox.exe, 0000000D.00000003.1868188555.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874121050.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791396656.000001D5AD611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
      Source: firefox.exe, 0000000D.00000003.1868188555.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874121050.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791396656.000001D5AD611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
      Source: firefox.exe, 0000000D.00000003.1792249265.000001D5A8D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
      Source: firefox.exe, 0000000D.00000003.1790866340.000001D5AD6AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
      Source: firefox.exe, 0000000D.00000003.1850694936.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793344489.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
      Source: firefox.exe, 0000000D.00000003.1792249265.000001D5A8D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
      Source: firefox.exe, 0000000D.00000003.1789730153.000001D5AEF64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/x
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD669000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
      Source: file.exe, 00000000.00000003.1719248546.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1718839578.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1720176317.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719216539.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805313615.000001D5A7217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1819820809.000001D5A74AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1820297028.000001D5A7219000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1752562748.000001D5A74A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1816320096.000001D5A74A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1787167112.000001D5A749F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1800134604.000001D5A6F4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
      Source: firefox.exe, 0000000D.00000003.1795030333.000001D5A78EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
      Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
      Source: firefox.exe, 0000000D.00000003.1835632854.000001D5A7640000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
      Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.comZ
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
      Source: firefox.exe, 0000000D.00000003.1789730153.000001D5AEF7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
      Source: firefox.exe, 0000000D.00000003.1871340949.000001D5AEF85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
      Source: firefox.exe, 0000000D.00000003.1788758832.000001D5AF34D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
      Source: firefox.exe, 0000000D.00000003.1792249265.000001D5A8DA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790325921.000001D5AEF5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1844957363.000001D5A8DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
      Source: firefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
      Source: firefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
      Source: firefox.exe, 0000000D.00000003.1873556272.000001D5A7838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
      Source: firefox.exe, 0000000D.00000003.1780959565.000001D5A72B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784390395.000001D5A72BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783440961.000001D5A72B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
      Source: firefox.exe, 0000000D.00000003.1780959565.000001D5A72B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784390395.000001D5A72BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783440961.000001D5A72B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
      Source: firefox.exe, 0000000D.00000003.1783517579.000001D5A724C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A724E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784425115.000001D5A7258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
      Source: firefox.exe, 0000000D.00000003.1783517579.000001D5A724C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A724E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
      Source: firefox.exe, 0000000D.00000003.1780959565.000001D5A72B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784390395.000001D5A72BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783440961.000001D5A72B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739https://bugzilla.mozilla.org/show_bug.cgi?id=160
      Source: firefox.exe, 0000000D.00000003.1783517579.000001D5A724C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780959565.000001D5A72B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784390395.000001D5A72BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783440961.000001D5A72B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A724E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784425115.000001D5A7258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
      Source: firefox.exe, 0000000D.00000003.1780959565.000001D5A72B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784390395.000001D5A72BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783440961.000001D5A72B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
      Source: firefox.exe, 0000000D.00000003.1783517579.000001D5A724C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A724E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784425115.000001D5A7258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
      Source: firefox.exe, 0000000D.00000003.1783517579.000001D5A724C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A724E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
      Source: firefox.exe, 0000000D.00000003.1700747986.000001D5A2D87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700442630.000001D5A2D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700587078.000001D5A2D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700290305.000001D5A2D23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700147016.000001D5A5200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
      Source: firefox.exe, 0000000D.00000003.1866756760.000001D5A7626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
      Source: firefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
      Source: firefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
      Source: firefox.exe, 0000000D.00000003.1794604902.000001D5A7BE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
      Source: firefox.exe, 0000000D.00000003.1853933029.000001D5A7BE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
      Source: firefox.exe, 0000000D.00000003.1784907137.000001D5A7240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865583924.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812200504.000001D5A5E2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873327397.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823831283.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837060795.000001D5A37BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1857914431.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1816794878.000001D5A5E37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780033025.000001D5A723F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
      Source: firefox.exe, 0000000D.00000003.1812706443.000001D5A6B41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1810762214.000001D5A6B2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
      Source: firefox.exe, 0000000D.00000003.1790866340.000001D5AD6AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
      Source: firefox.exe, 0000000D.00000003.1790866340.000001D5AD6AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
      Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
      Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877455093.000001D5AF962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870450304.000001D5AF962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A32713000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
      Source: firefox.exe, 0000000D.00000003.1741849950.000001D5A68B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1741628910.000001D5A68F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1740364407.000001D5A6879000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
      Source: firefox.exe, 0000000D.00000003.1795896796.000001D5A73BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877455093.000001D5AF962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870450304.000001D5AF962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A32713000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
      Source: firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
      Source: firefox.exe, 0000000D.00000003.1792495044.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1863012255.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1846347097.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
      Source: firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1845926596.000001D5A8AA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A32730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
      Source: firefox.exe, 0000000D.00000003.1792495044.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1863012255.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1846347097.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabexperimental-features-devtools-compatibility-pa
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
      Source: firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
      Source: firefox.exe, 0000000D.00000003.1792495044.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1863012255.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1846347097.000001D5A88B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
      Source: firefox.exe, 0000000D.00000003.1802454409.000001D5AD46A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
      Source: firefox.exe, 0000000D.00000003.1802454409.000001D5AD46A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000000D.00000003.1700442630.000001D5A2D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700587078.000001D5A2D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700290305.000001D5A2D23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700147016.000001D5A5200000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000D.00000003.1874257298.000001D5A70A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000000D.00000003.1835632854.000001D5A7640000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.com/
Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000D.00000003.1788758832.000001D5AF34D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000000D.00000003.1784907137.000001D5A7240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812200504.000001D5A5E2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748216199.000001D5A6FCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748188086.000001D5A6FD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1748852055.000001D5A6FCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791510476.000001D5AD563000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1816794878.000001D5A5E37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780033025.000001D5A723F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000D.00000003.1878318247.000001D5AECCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 0000000D.00000003.1868188555.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1836837016.000001D5A7309000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1874121050.000001D5A730E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000D.00000003.1878318247.000001D5AECCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 0000000D.00000003.1878318247.000001D5AECCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 0000000D.00000003.1878318247.000001D5AECCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 0000000D.00000003.1878318247.000001D5AECCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 0000000D.00000003.1791510476.000001D5AD5C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1834919971.000001D5AD5C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862611294.000001D5AD5CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1843605056.000001D5AD5C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.13.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000D.00000003.1795030333.000001D5A788F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835538705.000001D5A788F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854880601.000001D5A788F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873507052.000001D5A788F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000010.00000002.2916507597.000001E521F86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000D.00000003.1853933029.000001D5A7BE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/b431e92a-0d4f-4a23-aaae-050cc
Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000D.00000003.1850694936.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793344489.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000000D.00000003.1852476606.000001D5A7E4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1850694936.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793344489.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793847309.000001D5A7E4A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000D.00000003.1784907137.000001D5A7240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865583924.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812200504.000001D5A5E2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1873327397.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823831283.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837060795.000001D5A37BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1857914431.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1816794878.000001D5A5E37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1780033025.000001D5A723F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000010.00000002.2916507597.000001E521F86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A3278F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.1795030333.000001D5A78EB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000D.00000003.1875326366.000001D5A2C9B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000D.00000003.1797250103.000001D5A266E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813720135.000001D5A267E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000D.00000003.1791510476.000001D5AD585000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1795030333.000001D5A781E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000D.00000003.1882854497.000001D5A6C4B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000D.00000003.1836186380.000001D5A73DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866999517.000001D5A73DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000D.00000003.1882854497.000001D5A6C4B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000D.00000003.1882854497.000001D5A6C4B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000D.00000003.1700147016.000001D5A5200000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000D.00000003.1812706443.000001D5A6B41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1810762214.000001D5A6B2F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000D.00000003.1795896796.000001D5A7365000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1836412848.000001D5A7365000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867306015.000001D5A7365000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000D.00000003.1857914431.000001D5A7A7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000D.00000003.1794604902.000001D5A7BE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000000D.00000003.1878830341.000001D5ADA05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870450304.000001D5AF962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A32713000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000D.00000003.1794604902.000001D5A7BE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000D.00000003.1795896796.000001D5A73BF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
      Source: firefox.exe, 0000000D.00000003.1737926317.000001D5A76D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1836412848.000001D5A7349000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789730153.000001D5AEF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866009195.000001D5A76D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795896796.000001D5A7349000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867306015.000001D5A7349000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A76D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
      Source: firefox.exe, 0000000D.00000003.1836412848.000001D5A7349000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795030333.000001D5A782A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1881302951.000001D5A782A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1855031598.000001D5A782A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795896796.000001D5A7349000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867306015.000001D5A7349000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1844957363.000001D5A8DA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
      Source: firefox.exe, 0000000D.00000003.1843917503.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
      Source: firefox.exe, 0000000D.00000003.1799724320.000001D5A7DA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
      Source: firefox.exe, 0000000D.00000003.1873272823.000001D5A7C6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1852903246.000001D5A7C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864903167.000001D5A7C6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1794297032.000001D5A7C5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
      Source: firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
      Source: firefox.exe, 0000000D.00000003.1795030333.000001D5A781E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
      Source: firefox.exe, 0000000D.00000003.1796461659.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
      Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
      Source: firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
      Source: firefox.exe, 0000000D.00000003.1844957363.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792249265.000001D5A8DAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
      Source: firefox.exe, 0000000D.00000003.1790866340.000001D5AD643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
      Source: firefox.exe, 0000000D.00000003.1802262506.000001D5AD475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
      Source: firefox.exe, 0000000D.00000003.1796461659.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
      Source: firefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
      Source: firefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
      Source: firefox.exe, 0000000D.00000003.1700747986.000001D5A2D87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700442630.000001D5A2D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805379735.000001D5A6DBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700587078.000001D5A2D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1744790317.000001D5A6DBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1743841754.000001D5A6DBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806910034.000001D5A6DBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700290305.000001D5A2D23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700147016.000001D5A5200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
      Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
      Source: firefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
      Source: firefox.exe, 0000000D.00000003.1835091524.000001D5AD546000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
      Source: firefox.exe, 0000000D.00000003.1791510476.000001D5AD585000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
      Source: firefox.exe, 0000000D.00000003.1700747986.000001D5A2D87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700442630.000001D5A2D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700587078.000001D5A2D66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700290305.000001D5A2D23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700147016.000001D5A5200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/searchcb8e7210-9f0b-48fa-8708-b9a03df79eead908d622-0387-4d36-8098-1a
      Source: firefox.exe, 0000000D.00000003.1794604902.000001D5A7BE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1700147016.000001D5A5200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
      Source: firefox.exe, 0000000D.00000003.1790866340.000001D5AD6AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
      Source: firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
      Source: firefox.exe, 0000000D.00000003.1871740610.000001D5ADA6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1823404712.000001D5ADAAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
      Source: firefox.exe, 0000000D.00000003.1795896796.000001D5A73BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
      Source: firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
      Source: firefox.exe, 0000000D.00000003.1741849950.000001D5A68B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1741628910.000001D5A68F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1740364407.000001D5A6879000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
      Source: firefox.exe, 0000000D.00000003.1789730153.000001D5AEF7F000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
      Source: firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
      Source: firefox.exe, 00000010.00000002.2916507597.000001E521FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
      Source: firefox.exe, 00000011.00000002.2915806212.0000017A327F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/:r
      Source: firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
      Source: firefox.exe, 0000000D.00000003.1861753454.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1790866340.000001D5AD674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
      Source: firefox.exe, 0000000D.00000003.1871389812.000001D5AEF38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004EEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004EED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00509576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

      System Summary

Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_7e90a9df-d
Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_48d7952b-1
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001E52256A777 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000001E522582FF2 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DD5EB CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00490A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0048F9F2 appears 31 times
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal72.troj.evad.winEXE@34/36@67/12
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E37B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004D10BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004D16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004742A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2416:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:480:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:560:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2568:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 0000000D.00000003.1789730153.000001D5AEF64000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000D.00000003.1822117849.000001D5AF018000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
Source: file.exe | ReversingLabs: Detection: 47%
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3a02f6-4639-4242-a5b9-9a48f9196107} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d59556db10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4244 -parentBuildID 20230927232528 -prefsHandle 2760 -prefMapHandle 4236 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa7db3e-6923-4036-bba0-8e3b5e3a72b8} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a76ed910 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7a4d4c-5c4b-4992-9801-409195ea74b6} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a92acb10 utility
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3a02f6-4639-4242-a5b9-9a48f9196107} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d59556db10 socket
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4244 -parentBuildID 20230927232528 -prefsHandle 2760 -prefMapHandle 4236 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa7db3e-6923-4036-bba0-8e3b5e3a72b8} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a76ed910 rdd
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7a4d4c-5c4b-4992-9801-409195ea74b6} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a92acb10 utility
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
      Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
      Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
      Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004742DE
      Source: gmpopenh264.dll.tmp.13.drStatic PE information: section name: .rodata
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00490A76 push ecx; ret 0_2_00490A89
      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0048F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0048F98E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00501C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00501C41
      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      barindex
      Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95254
      Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E52256A777 rdtsc 16_2_000001E52256A777
      Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.6 %
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_004DDBBE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E68EE FindFirstFileW,FindClose,0_2_004E68EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_004E698F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004DD076
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_004DD3A9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_004E9642
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_004E979D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_004E9B2B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_004E5C97
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004742DE
      Source: firefox.exe, 00000010.00000002.2913258857.000001E521C9A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0`F"
      Source: firefox.exe, 00000011.00000002.2912983813.0000017A3212A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
      Source: firefox.exe, 0000000F.00000002.2920881450.000001AE01000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWcX
      Source: firefox.exe, 0000000F.00000002.2913948979.000001AE00B8A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2920344633.000001E522460000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: firefox.exe, 00000011.00000002.2915073068.0000017A32500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW&
      Source: firefox.exe, 0000000F.00000002.2919697689.000001AE00F18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
      Source: firefox.exe, 00000010.00000002.2920344633.000001E52246F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
      Source: firefox.exe, 0000000F.00000002.2920881450.000001AE01000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7P
      Source: firefox.exe, 0000000F.00000002.2920881450.000001AE01000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq\=
      Source: firefox.exe, 0000000F.00000002.2920881450.000001AE01000000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2920344633.000001E52246F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformation
      Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001E52256A777 rdtsc 16_2_000001E52256A777
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004EEAA2 BlockInput,0_2_004EEAA2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004A2622
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004742DE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00494CE8 mov eax, dword ptr fs:[00000030h]0_2_00494CE8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_004D0B62
      Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
      Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
      Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
      Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
      Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004A2622
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0049083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0049083F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004909D5 SetUnhandledExceptionFilter,0_2_004909D5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00490C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00490C21
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_004D1201
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004B2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_004B2BA5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004DB226 SendInput,keybd_event,0_2_004DB226
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_004F22DA
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_004D0B62
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_004D1663
      Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
      Source: file.exeBinary or memory string: Shell_TrayWnd
      Source: firefox.exe, 0000000D.00000003.1840618787.000001D5B10E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00490698 cpuid 0_2_00490698
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_004E8195
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004CD27A GetUserNameW,0_2_004CD27A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004ABB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_004ABB6F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004742DE

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: 00000000.00000003.1718839578.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: file.exe PID: 6244, type: MEMORYSTR
      Source: file.exeBinary or memory string: WIN_81
      Source: file.exeBinary or memory string: WIN_XP
      Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
      Source: file.exeBinary or memory string: WIN_XPe
      Source: file.exeBinary or memory string: WIN_VISTA
      Source: file.exeBinary or memory string: WIN_7
      Source: file.exeBinary or memory string: WIN_8

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: 00000000.00000003.1718839578.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: file.exe PID: 6244, type: MEMORYSTR
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_004F1204
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_004F1806
      ATT&CK Matrix (a leading number in a cell is the count of matched signatures for that technique):

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
      Behavior Graph (ID: 1541108, Sample: file.exe, Startdate: 24/10/2024, Architecture: WINDOWS, Score: 72; the rendered graph and its legend are not reproduced, only the node text):

      Top-level network: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
      Top-level signatures: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures

      Process tree:
      • file.exe (started)
        Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
        • taskkill.exe (started), which started conhost.exe
        • taskkill.exe (started), which started conhost.exe
        • taskkill.exe (started), which started conhost.exe
        • 3 other processes, which started two conhost.exe instances
      • firefox.exe (started)
        • firefox.exe (started)
          Network: youtube.com 172.217.16.142, 443, 49738, 49739 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49740, 49744, 49750 GOOGLEUS United States; 10 other IPs or domains
          Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
          • firefox.exe (started)
          • firefox.exe (started)
          • firefox.exe (started)

      Antivirus detection, submitted file (Source | Detection | Scanner | Label | Link):
      file.exe | 47% | ReversingLabs | Win32.Trojan.CredentialFlusher
      file.exe | 100% | Joe Sandbox ML

      Antivirus detection, dropped files (Source | Detection | Scanner | Label | Link):
      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs
      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs

      No Antivirus matches
      No Antivirus matches
      URL reputation (Source | Detection | Scanner | Label | Link):
      Domains and IPs (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
      URLs (Name | Source | Malicious | Antivirus Detection | Reputation):
                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://api.accounts.firefox.com/v1firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://www.amazon.com/firefox.exe, 0000000D.00000003.1796461659.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000D.00000003.1843917503.000001D5AD3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 0000000F.00000002.2916153221.000001AE00ECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2920412519.0000017A32803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                              unknown
                                                                                              https://accounts.firefox.com/xfirefox.exe, 0000000D.00000003.1789730153.000001D5AEF64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://www.youtube.com/firefox.exe, 0000000D.00000003.1796461659.000001D5A70E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A3270C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000D.00000003.1780959565.000001D5A72B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1784390395.000001D5A72BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A72B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1783440961.000001D5A72B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://MD8.mozilla.org/1/mfirefox.exe, 0000000D.00000003.1792249265.000001D5A8D71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000D.00000003.1822993019.000001D5AEC5E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000D.00000003.1878932425.000001D5AD67B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A327C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://127.0.0.1:firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.1783517579.000001D5A724C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1779179497.000001D5A724E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1812706443.000001D5A6B41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1810762214.000001D5A6B2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://bugzilla.mofirefox.exe, 0000000D.00000003.1873556272.000001D5A7838000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://amazon.comfirefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                          unknown
                                                                                                          https://shavar.services.mozilla.com/firefox.exe, 0000000D.00000003.1795826268.000001D5A73D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000003.1791744393.000001D5AD3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://spocs.getpocket.com/firefox.exe, 0000000D.00000003.1878830341.000001D5ADA05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870450304.000001D5AF962000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2916507597.000001E521F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2915806212.0000017A32713000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.amazon.com/Zfirefox.exe, 0000000D.00000003.1830860788.00000D596A903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1831041359.00000D5803603000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://addons.mozilla.org/firefox.exe, 0000000D.00000003.1795030333.000001D5A78EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1791744393.000001D5AD3AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1738757428.000001D5A5C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000D.00000003.1873649948.000001D5A7636000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835632854.000001D5A7636000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1737926317.000001D5A7670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1875413424.000001D5A5590000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1834057222.000001D5A6B88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1836412848.000001D5A7382000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1737926317.000001D5A76D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1850694936.000001D5A7EA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1866203123.000001D5A7670000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812706443.000001D5A6B8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1838966743.000001D5A5862000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1802454409.000001D5AD46A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1795896796.000001D5A7382000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1751539976.000001D5A74F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1799375073.000001D5A8B51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1838199230.000001D5A5824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1812706443.000001D5A6B41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791396656.000001D5AD61F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1710154485.000001D5A5862000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849138860.000001D5A8827000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1843100374.000001D5A55A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842970701.000001D5A586F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1802454409.000001D5AD45B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1850694936.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793344489.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1852476606.000001D5A7E4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1850694936.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793344489.000001D5A7EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793847309.000001D5A7E4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.2915268991.000001AE00D30000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2916069136.000001E521EC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2914375353.0000017A322C0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
172.217.16.142 | youtube.com | United States | 15169 | GOOGLEUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1541108
Start date and time: 2024-10-24 12:35:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/36@67/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 41
• Number of non-executed functions: 312
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.13.186.250, 44.231.229.39, 34.208.54.237, 172.217.18.110, 2.22.61.59, 2.22.61.56, 142.250.186.174, 172.217.18.10, 172.217.18.106
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
06:36:07 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | g4Cyr2T5jq.exe | malicious | LummaC, Amadey, Credential Flusher, Stealc, Vidar
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                    g4Cyr2T5jq.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Context |
| example.org | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14 |
| | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14 |
| | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| | g4Cyr2T5jq.exe | | malicious | LummaC, Amadey, Credential Flusher, Stealc, Vidar | 93.184.215.14 |
| | file.exe | | malicious | Credential Flusher | 93.184.215.14 |
| services.addons.mozilla.org | file.exe | | malicious | Credential Flusher | 151.101.65.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 151.101.1.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.193.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.65.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.65.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.129.91 |
| star-mini.c10r.facebook.com | file.exe | | malicious | Credential Flusher | 157.240.0.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.0.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.251.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.253.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.251.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.253.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.0.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.0.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.253.35 |
| | file.exe | | malicious | Credential Flusher | 157.240.251.35 |
| twitter.com | file.exe | | malicious | Credential Flusher | 104.244.42.65 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.1 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.65 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.193 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.193 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.129 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.129 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.129 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.65 |
| | file.exe | | malicious | Credential Flusher | 104.244.42.1 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Context |
| FASTLYUS | PO 635614 635613_CQDM.html | | malicious | HTMLPhisher | 151.101.129.229 |
| | https://landsmith.ae/continue.html | | malicious | HTMLPhisher | 151.101.194.137 |
| | file.exe | | malicious | Credential Flusher | 151.101.65.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| | la.bot.m68k.elf | | malicious | Unknown | 199.233.13.45 |
| | https://is.gd/6NgVrQ | | malicious | HTMLPhisher | 151.101.2.137 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| | file.exe | | malicious | Credential Flusher | 151.101.193.91 |
| | https://app.affine.pro/workspace/6f321ca4-f766-41a0-bd18-9a1d8692fccd/OWaJzjD5UQBLWE3oGXvZY | | malicious | HtmlDropper | 151.101.194.137 |
| | file.exe | | malicious | Credential Flusher | 151.101.1.91 |
| GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 34.117.188.166 |
| | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| | botnet.m68k.elf | | malicious | Mirai, Moobot | 34.116.104.42 |
| | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| | g4Cyr2T5jq.exe | | malicious | LummaC, Amadey, Credential Flusher, Stealc, Vidar | 34.117.188.166 |
| | file.exe | | malicious | Credential Flusher | 34.117.188.166 |
| ATGS-MMD-ASUS | gNubpp8EFH.elf | | malicious | Mirai | 51.129.30.184 |
| | fOTHzKNyyk.elf | | malicious | Mirai | 57.45.185.202 |
| | 5tSAlF2WkT.elf | | malicious | Mirai | |
                                                                                                                                                                                                          • 51.209.232.2
                                                                                                                                                                                                          ai3eCONS9Q.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 51.228.195.88
                                                                                                                                                                                                          jade.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 34.179.66.151
                                                                                                                                                                                                          powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 48.207.125.247
                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                          la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 33.251.141.240
                                                                                                                                                                                                          la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 32.254.232.250
                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                          ATGS-MMD-ASUSgNubpp8EFH.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 51.129.30.184
                                                                                                                                                                                                          fOTHzKNyyk.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 57.45.185.202
                                                                                                                                                                                                          5tSAlF2WkT.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 51.209.232.2
                                                                                                                                                                                                          ai3eCONS9Q.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 51.228.195.88
                                                                                                                                                                                                          jade.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 34.179.66.151
                                                                                                                                                                                                          powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 48.207.125.247
                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                                          la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 33.251.141.240
                                                                                                                                                                                                          la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 32.254.232.250
                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                          • 34.160.144.191
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.180596665435195
Encrypted: false
SSDEEP: 192:EjMX4a1cbhbVbTbfbRbObtbyEl7nGnHrnJA6WnSrDtTUd/SkDrc:EYFcNhnzFSJYrOBnSrDhUd/a
MD5: F7CB244BB7BC6BDF4A4432943E8E53B5
SHA1: 93850D653C7C117AAD060C1AEB51C19BBA5B12D7
SHA-256: A8E7F4180D0731BE19BB02A6F2E52AF500FCA9100B24FF6973EC768A08E81ED6
SHA-512: EB6AD3006817508A19A48D42D27B9E067862D06CC34D2A5A2FC1E2A671370C6056EED6C092AA2832B0FB70EBAC2FA31B3784AE4AC2BB69536D4FC96BCDCFC96A
Malicious: false
Preview: {"type":"uninstall","id":"1402b137-ed01-4215-b660-4f769c92a5de","creationDate":"2024-10-24T12:20:39.129Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 3621
Entropy (8bit): 4.929642685528092
Encrypted: false
SSDEEP: 48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNcrP:8S+OfJQPUFpOdwNIOdYVjvYcXaNLLK8P
MD5: 40C1F2939BAA8880CF90FF7494AEA8C4
SHA1: A4C602E6ED8AC513B7C5136AF3F56A21EA989CAE
SHA-256: 8DAF29A417FF7B1819C78AA9A3635002AA31A6C4D99C14188B026F3419532655
SHA-512: 016D7A5E0FCEF7766E1E3ECAFA631C01346269343C71B104A62B6970D8FD181093F324DA233987353C38EB3B6BF7DD47A70C7F843555E285DE8CDC975CDAD182
Malicious: false
Preview: {"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 23432 bytes
Category: dropped
Size (bytes): 5312
Entropy (8bit): 6.615424734763731
Encrypted: false
SSDEEP: 96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
MD5: 1B9C8056D3619CE5A8C59B0C09873F17
SHA1: 1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256: A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512: B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious: false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                  Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                  MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                  SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                  SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                  SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24
                                                                                                                                                                                                                                                  Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                  MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                  SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                  SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                  SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):262144
                                                                                                                                                                                                                                                  Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                  MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                  SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                  SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                  SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):66
                                                                                                                                                                                                                                                  Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                  MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                  SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                  SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                  SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):66
                                                                                                                                                                                                                                                  Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                  MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                  SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                  SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                  SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
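The mozLz40 entries above (the 5312-byte add-on startup cache and the two 66-byte crash stores) are Firefox profile files that `file` reports as "Mozilla lz4 compressed data, originally N bytes": an 8-byte `mozLz40\0` magic, a little-endian u32 with the decompressed size (the "originally N bytes"), then a raw LZ4 block, which is why the Preview column shows only the JSON fragments that happened to be stored as literals. To read them in full, for instance to confirm which add-ons were enabled in the profile the sample drove, the file has to be decompressed. The decoder below is an added example written for this report, not code from Joe Sandbox or Mozilla; every function name is my own, and the sample bytes are constructed to mirror the layout of the 56-byte crash-store entry (same magic, size field and match structure), not copied from the sandbox output.

```python
"""Decode Firefox 'mozLz40' files (addonStartup.json.lz4, crash store, sessionstore
backups) without third-party packages, as an analyst would after pulling them out
of a sandbox run or a profile image. Added example; names are this example's own."""
import json

MOZLZ4_MAGIC = b"mozLz40\0"          # 8-byte magic, then u32 LE decompressed size
MAX_DECOMPRESSED = 64 * 1024 * 1024  # the size field is writer-controlled: cap it


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Pure-Python LZ4 *block* decoder (the raw format mozLz40 wraps, no frame header)."""
    dst = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        # Literal run length: high nibble; 15 means extension bytes follow until one != 255.
        lit_len = token >> 4
        if lit_len == 15:
            while True:
                if i >= n:
                    raise ValueError("truncated literal length")
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        if i + lit_len > n:
            raise ValueError("literal run exceeds input")
        dst += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break  # final sequence carries literals only
        # Match: 2-byte LE offset back into dst, length = low nibble + 4 (15 => extension).
        if i + 2 > n:
            raise ValueError("truncated match offset")
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:
            while True:
                if i >= n:
                    raise ValueError("truncated match length")
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        if offset == 0 or offset > len(dst):
            raise ValueError("match offset points before start of output")
        start = len(dst) - offset
        # Byte-wise copy: offset < match_len is legal (overlapping run-length copy).
        for k in range(match_len):
            dst.append(dst[start + k])
        if len(dst) > expected_size:
            raise ValueError("output exceeds size declared in header")
    if len(dst) != expected_size:
        raise ValueError(f"decompressed {len(dst)} bytes, header declared {expected_size}")
    return bytes(dst)


def read_mozlz4(data: bytes) -> bytes:
    """Validate the mozLz40 header and return the decompressed payload."""
    if not data.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozLz40 file")
    declared = int.from_bytes(data[8:12], "little")
    if declared > MAX_DECOMPRESSED:
        raise ValueError("declared size too large, refusing to decompress")
    return lz4_block_decompress(data[12:], declared)


def load_mozlz4_json(data: bytes):
    """Most mozLz40 files wrap JSON; parse it after decompression."""
    return json.loads(read_mozlz4(data).decode("utf-8"))


# Constructed sample (not bytes copied from the report): a 66-byte file laid out like the
# 56-byte crash-store entry: magic, size 0x38, 32 literals, one 8-byte match at offset 17
# (re-using '":{},"co' from after "crashes"), then a 16-byte literal tail.
SAMPLE_CRASH_STORE = (
    MOZLZ4_MAGIC
    + (56).to_bytes(4, "little")
    + b"\xf4\x11" + b'{"v":1,"crashes":{},"countsByDay'  # token: 15+17 literals, match 4+4
    + b"\x11\x00"                                         # offset 17 -> copies '":{},"co'
    + b"\xf0\x01" + b'rruptDate":null}'                  # final sequence: 15+1 literals
)

if __name__ == "__main__":
    doc = load_mozlz4_json(SAMPLE_CRASH_STORE)
    print(len(SAMPLE_CRASH_STORE), "bytes on disk ->", doc)
```

Run against the real addonStartup.json.lz4 from the profile and look under `app-system-defaults` / `app-profile` for each add-on's `enabled` and `path` values; that is the record of what was actually loaded, whereas the uncompressed extensions.json entry above is the add-on manager's database. The length check against the header matters in practice: a file that decompresses to a different size than it declares has been truncated or tampered with. If the `lz4` PyPI package is available, `lz4.block.decompress(data[12:], uncompressed_size=size)` does the same decoding; the pure-Python decoder is here so the block has no dependencies.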
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):36830
                                                                                                                                                                                                                                                  Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                  MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                  SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                  SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                  SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):36830
                                                                                                                                                                                                                                                  Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                  MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                  SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07333858257979299
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkip:DLhesh7Owd4+jip
MD5:32C9171CC3927F7E444F94B37CA17F5A
SHA1:4D38752AFD22EEA31F8F3AE8C42EE32BA74DA2B3
SHA-256:20211113AC0E9C1449168E0AE4521661F934157BE88DA07AFA1F86D0A3FE033E
SHA-512:CEDFF0501F520F45D5D74666A24B0E4D7376D5252C9090D8F6ABD30E8732E3BC4E735AE44BE691055E38C6C2E284E950176994B69FF5CFF357E431BAD10A94F6
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:GtlstFHK3ich9P3D9ottlstFHK3ich9P3Dl/lL89//alEl:GtWtcVh9P3D9ottWtcVh9P3DlZ89XuM
                                                                                                                                                                                                                                                  MD5:1BC2DC16FECB64F176806A3441CCFB6F
                                                                                                                                                                                                                                                  SHA1:9899D6141B7EA1F8C74BC0F9333F999986823AF8
                                                                                                                                                                                                                                                  SHA-256:61719E58A4769BA02ED51E7473C8525D3CB7DBFB2B85C842611EC5CEDE7373F7
                                                                                                                                                                                                                                                  SHA-512:CA6CDC840F9DAF107AAEA1A351B097B738C792BD617F7FFAFE53EDA7F3CD61954AE7A4102DAE317864968663753F0B33F4B1CF57F0D6B24A75310AF8C4953A5B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..-......................q6R.p...}.*...[..uG..H..-......................q6R.p...}.*...[..uG..H........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32824
                                                                                                                                                                                                                                                  Entropy (8bit):0.03983632420097889
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Ol1ZLrokxOlg3EJoVMDl8rEXsxdwhml8XW3R2:KTrR0l8dMhm93w
                                                                                                                                                                                                                                                  MD5:C7067ED3E9798348517D5C6C7635AC48
                                                                                                                                                                                                                                                  SHA1:278F3E033B00F02FD5005D75E2A79D5D6F8372A9
                                                                                                                                                                                                                                                  SHA-256:E8894A8F77027E38A1C4011498CE997A05AA885D8A477F67B61DEFBFBCED2706
                                                                                                                                                                                                                                                  SHA-512:D3DF0BE934E297126F0DD07E659851F11BC51B7A8283A8B0D5432E3175EBC1F6F8F68810619C16EC3F7BC4DA598FA47487FBF6C8EBE1FA3353CE8099A7A7FA03
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:7....-...........}.*...[.....5+O.........}.*...[R6q...p.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13254
                                                                                                                                                                                                                                                  Entropy (8bit):5.494828363659665
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZnaRtLYbBp658hj4qyaaXW6KXfNj15RfGNBw8d0Sl:EeEq+cVVcwD0
                                                                                                                                                                                                                                                  MD5:F4CFF32B0D26E30885B819846CE8B426
                                                                                                                                                                                                                                                  SHA1:AA6C656331A4E81FF6A229FA3C6E207516E19CBE
                                                                                                                                                                                                                                                  SHA-256:B1FF04C100D3C1F9417EBC67A92BB4B3E0F7A2D5C290816D230874721506D79D
                                                                                                                                                                                                                                                  SHA-512:DC9929435844C74425991CB2E6CCB218425D1CA678C58F486734C5FCB3B69D62A1773B8DA70B9623FC97C77458A1D6DCCDE209E35861CD9AC007B05460FF2893
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729772409);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729772409);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729772409);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172977
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13254
                                                                                                                                                                                                                                                  Entropy (8bit):5.494828363659665
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZnaRtLYbBp658hj4qyaaXW6KXfNj15RfGNBw8d0Sl:EeEq+cVVcwD0
                                                                                                                                                                                                                                                  MD5:F4CFF32B0D26E30885B819846CE8B426
                                                                                                                                                                                                                                                  SHA1:AA6C656331A4E81FF6A229FA3C6E207516E19CBE
                                                                                                                                                                                                                                                  SHA-256:B1FF04C100D3C1F9417EBC67A92BB4B3E0F7A2D5C290816D230874721506D79D
                                                                                                                                                                                                                                                  SHA-512:DC9929435844C74425991CB2E6CCB218425D1CA678C58F486734C5FCB3B69D62A1773B8DA70B9623FC97C77458A1D6DCCDE209E35861CD9AC007B05460FF2893
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729772409);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729772409);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729772409);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172977
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                  Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                  MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                  SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                  SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                  SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):493
                                                                                                                                                                                                                                                  Entropy (8bit):4.953662506970368
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:YZFgSW/wAM6FvIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YoBSlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                                                                  MD5:0B7B9DB8F8BCEC2FDB729894C07CABD7
                                                                                                                                                                                                                                                  SHA1:672201DD1A173D8D274AE61111B58F5510FDB2C2
                                                                                                                                                                                                                                                  SHA-256:470248F1B5C4332FE986996F760260FE49FF53E8D756127E8B15FAF7A6603376
                                                                                                                                                                                                                                                  SHA-512:FC699CDFB9B48D75A168403E786784BBED8D8D360969EE5A6A724F017E1363385E7B26B8EF403CC5F812A77F3FD79114E1815EF6E1550814A1670D950B2F69D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"type":"health","id":"ab6f609f-17ee-4f84-b1d8-52696e1a07aa","creationDate":"2024-10-24T12:20:39.822Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:modified
Size (bytes):493
Entropy (8bit):4.953662506970368
Encrypted:false
SSDEEP:12:YZFgSW/wAM6FvIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YoBSlCOlZGV1AQIWZcy6Z2d
MD5:0B7B9DB8F8BCEC2FDB729894C07CABD7
SHA1:672201DD1A173D8D274AE61111B58F5510FDB2C2
SHA-256:470248F1B5C4332FE986996F760260FE49FF53E8D756127E8B15FAF7A6603376
SHA-512:FC699CDFB9B48D75A168403E786784BBED8D8D360969EE5A6A724F017E1363385E7B26B8EF403CC5F812A77F3FD79114E1815EF6E1550814A1670D950B2F69D4
Malicious:false
Preview:{"type":"health","id":"ab6f609f-17ee-4f84-b1d8-52696e1a07aa","creationDate":"2024-10-24T12:20:39.822Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1571
Entropy (8bit):6.331911233323271
Encrypted:false
SSDEEP:24:v+USUGlcAxS6LXnIgE/pnxQwRlszT5sKtMyU3eHVQj6T7amhujJlOsIomNVrURgX:GUpOxbUnR6tU3eHT74JlIKRR4
MD5:B128DD92235F1F99429A066A3F9A556E
SHA1:406C2C52ED24B846285814198793D4493E1B8C51
SHA-256:7CA258C04F44BBAD98889BA475C23122A6B0910E84EA0FBF40A27FDAD94A2ACE
SHA-512:1BC44087C7B518BCF88FC786C3AE8BDEAEECBC4ACC9B5148E7B39B9CB67238AD25C869C562F6708BC1C79D0176EC88DB8F2400FF8EE269F626B19C37239D77FC
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{56e831d4-8753-4cc8-96cc-69778c8e17ef}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1729772414795,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..`378914...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....386951,"originA...
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.034555329310796
Encrypted:false
SSDEEP:48:YrSAYe6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:yceyTEr5QFRzzcMvbw6KkCrrc2Rn27
MD5:6FD875EFA58A1A2637E96F937FF52778
SHA1:BDFEE9C0CDAA007DB4792752F4286C37B94B4188
SHA-256:D3FBCD34E4FBB122227A53100B9B72C9F502DF5A89E21440D2E1A204D73DF739
SHA-512:5E92D9D9F66510029162C63E645ABF17ACFD77340D1954C1E67A95D1D9564B168A393ADB03911FD2E037CFBED99B663665D5C3CE7B770EE547E3323565D5E0D4
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-24T12:19:54.637Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4537
                                                                                                                                                                                                                                                  Entropy (8bit):5.034555329310796
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YrSAYe6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:yceyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                  MD5:6FD875EFA58A1A2637E96F937FF52778
                                                                                                                                                                                                                                                  SHA1:BDFEE9C0CDAA007DB4792752F4286C37B94B4188
                                                                                                                                                                                                                                                  SHA-256:D3FBCD34E4FBB122227A53100B9B72C9F502DF5A89E21440D2E1A204D73DF739
                                                                                                                                                                                                                                                  SHA-512:5E92D9D9F66510029162C63E645ABF17ACFD77340D1954C1E67A95D1D9564B168A393ADB03911FD2E037CFBED99B663665D5C3CE7B770EE547E3323565D5E0D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-24T12:19:54.637Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.584690423252059
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:919'552 bytes
MD5:4f84f1e06697752092aefec38c505e32
SHA1:ec8983c0f3f687d6d1f071da1508de63949fa050
SHA256:87e74ee7443a17d2626ca5d33032913d139a2ea156d2afb4b4213ea49da4a3dd
SHA512:f2b019f872b6d85c740b3c8cf7ebb5c37721dec70dae4731feaef5a8c001f24a0304b90ecbeec2fd7fc3b3fa5751ac4684975ac49822fba8c89faab2a3f32f23
SSDEEP:12288:YqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tu:YqDEvCTbMWu7rQYlBQcBiT6rprG8abu
TLSH:E3159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x671A2199 [Thu Oct 24 10:29:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007F6714C9E8E3h
jmp 00007F6714C9E1EFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F6714C9E3CDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F6714C9E39Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F6714CA0F8Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F6714CA0FD8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F6714CA0FC1h
test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                  pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | c9173e55a82224932a6bcdee6dfa6a9d | False | 0.31566455696202533 | data | 5.373589346348242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data | | | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.469650984 CEST4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.469732046 CEST49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.472738981 CEST49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.472749949 CEST4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.473153114 CEST4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.475466967 CEST49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.475539923 CEST49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.475661993 CEST4434974535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.475776911 CEST49745443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.494972944 CEST4974480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.569624901 CEST4434974634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.569641113 CEST4434974634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.579333067 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.582184076 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.582189083 CEST4974480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.582185030 CEST4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.582248926 CEST4434974634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.582711935 CEST4434974634.160.144.191192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.585915089 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.585915089 CEST49746443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.588073015 CEST804974434.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.588224888 CEST4974480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.588490963 CEST804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.588640928 CEST4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.680335045 CEST44349743172.217.16.142192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.680429935 CEST49743443192.168.2.4172.217.16.142
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.682837963 CEST44349743172.217.16.142192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.682960033 CEST49743443192.168.2.4172.217.16.142
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.686383963 CEST49743443192.168.2.4172.217.16.142
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.686393976 CEST44349743172.217.16.142192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.686415911 CEST49743443192.168.2.4172.217.16.142
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.686682940 CEST44349743172.217.16.142192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.686834097 CEST49743443192.168.2.4172.217.16.142
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.690624952 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.696171045 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.703161955 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.703309059 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.708743095 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.960331917 CEST4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.965202093 CEST49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.970602036 CEST49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.970602989 CEST49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.970660925 CEST4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.970911980 CEST4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:05.970983028 CEST49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.005685091 CEST4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.005773067 CEST49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.010354996 CEST49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.010379076 CEST4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.010437012 CEST49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.010793924 CEST4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.010852098 CEST49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.298358917 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.321393013 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.321445942 CEST4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.328537941 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.330610037 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.330660105 CEST4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.344136000 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.403014898 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.408493996 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.427952051 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.428097010 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.433666945 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.944117069 CEST4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.944130898 CEST4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.944201946 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.947576046 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.947606087 CEST4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.947675943 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.947757959 CEST4434975134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.948107958 CEST49751443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.948131084 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.948214054 CEST4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.948528051 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.949551105 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.949603081 CEST4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.015106916 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.069550037 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.557456970 CEST4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.560663939 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.565059900 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.565061092 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.565124989 CEST4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.565289021 CEST4434975434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:07.565490961 CEST49754443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.851169109 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.856736898 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.976286888 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.018600941 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.022151947 CEST49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.022166967 CEST49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.274722099 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.575607061 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.593197107 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.593226910 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.593254089 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.691291094 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.696913004 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.714425087 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.760437012 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.816030979 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.860697031 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.339129925 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.343487978 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.343529940 CEST4434977034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.343738079 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.344644070 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.345107079 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.345127106 CEST4434977034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.462306976 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.515840054 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.965519905 CEST4434977034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.965609074 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.970891953 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.970918894 CEST4434977034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.971004963 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.971136093 CEST4434977034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.971205950 CEST49770443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.973773956 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.979232073 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.098543882 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.101540089 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.107372999 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.148893118 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.224962950 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.264704943 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.102808952 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.108520985 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.122946978 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.123044968 CEST4434977134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.123226881 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.124464989 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.124501944 CEST4434977134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.234230995 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.239665985 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.763112068 CEST4434977134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.763331890 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.769215107 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.769234896 CEST4434977134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.769335032 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.769476891 CEST4434977134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.770155907 CEST49771443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.772373915 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.777965069 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.822451115 CEST49772443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.822482109 CEST4434977235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.822777033 CEST49772443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.822887897 CEST49772443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.822895050 CEST4434977235.244.181.201192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.841595888 CEST49773443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.841650009 CEST4434977334.149.100.209192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.845283985 CEST49774443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.845304966 CEST4434977435.190.72.216192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.845731020 CEST49773443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.845851898 CEST49774443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.845982075 CEST49773443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.846009970 CEST4434977334.149.100.209192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.847475052 CEST49774443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.847498894 CEST4434977435.190.72.216192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.849638939 CEST49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.849725962 CEST44349775151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.850389004 CEST49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.850528002 CEST49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.850559950 CEST44349775151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.866132975 CEST49776443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.866213083 CEST4434977635.201.103.21192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.866750002 CEST49776443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.867966890 CEST49776443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.868000031 CEST4434977635.201.103.21192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.897382975 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.921744108 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.928654909 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.951919079 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:31.045140982 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:31.089972019 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:31.689904928 CEST4434977435.190.72.216192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:31.690203905 CEST49774443192.168.2.435.190.72.216
Oct 24, 2024 12:36:31.692115068 CEST  443    49773  34.149.100.209   192.168.2.4
Oct 24, 2024 12:36:31.692130089 CEST  443    49772  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.696089983 CEST  49774  443    192.168.2.4      35.190.72.216
Oct 24, 2024 12:36:31.696119070 CEST  443    49774  35.190.72.216    192.168.2.4
Oct 24, 2024 12:36:31.696213007 CEST  49774  443    192.168.2.4      35.190.72.216
Oct 24, 2024 12:36:31.696352959 CEST  443    49774  35.190.72.216    192.168.2.4
Oct 24, 2024 12:36:31.699326038 CEST  443    49775  151.101.1.91     192.168.2.4
Oct 24, 2024 12:36:31.702359915 CEST  49750  80     192.168.2.4      34.107.221.82
Oct 24, 2024 12:36:31.702501059 CEST  443    49776  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:31.703336954 CEST  443    49772  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.705019951 CEST  49774  443    192.168.2.4      35.190.72.216
Oct 24, 2024 12:36:31.705019951 CEST  49773  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:31.705038071 CEST  49772  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.705039024 CEST  49775  443    192.168.2.4      151.101.1.91
Oct 24, 2024 12:36:31.707339048 CEST  49772  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.707360983 CEST  443    49776  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:31.707396030 CEST  49776  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.708091021 CEST  49773  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:31.708108902 CEST  443    49773  34.149.100.209   192.168.2.4
Oct 24, 2024 12:36:31.708525896 CEST  443    49773  34.149.100.209   192.168.2.4
Oct 24, 2024 12:36:31.709309101 CEST  80     49750  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:31.710167885 CEST  49772  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.710176945 CEST  443    49772  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.710617065 CEST  443    49772  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.717216969 CEST  49775  443    192.168.2.4      151.101.1.91
Oct 24, 2024 12:36:31.717241049 CEST  443    49775  151.101.1.91     192.168.2.4
Oct 24, 2024 12:36:31.717605114 CEST  443    49775  151.101.1.91     192.168.2.4
Oct 24, 2024 12:36:31.719808102 CEST  49776  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.723680973 CEST  49772  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.723747969 CEST  49772  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.723926067 CEST  443    49772  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.724005938 CEST  49773  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:31.724044085 CEST  49773  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:31.724240065 CEST  49772  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.724244118 CEST  443    49773  34.149.100.209   192.168.2.4
Oct 24, 2024 12:36:31.724931002 CEST  49776  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.724940062 CEST  443    49776  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:31.725033045 CEST  49776  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.725138903 CEST  49775  443    192.168.2.4      151.101.1.91
Oct 24, 2024 12:36:31.725208998 CEST  49775  443    192.168.2.4      151.101.1.91
Oct 24, 2024 12:36:31.725475073 CEST  443    49775  151.101.1.91     192.168.2.4
Oct 24, 2024 12:36:31.725528955 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.725560904 CEST  443    49777  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:31.725657940 CEST  443    49776  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:31.726594925 CEST  49773  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:31.726599932 CEST  49775  443    192.168.2.4      151.101.1.91
Oct 24, 2024 12:36:31.726627111 CEST  49776  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.726834059 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.727842093 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:31.727850914 CEST  443    49777  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:31.736283064 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.736327887 CEST  443    49778  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.736644983 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.736766100 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.736779928 CEST  443    49778  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.738351107 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.738421917 CEST  443    49779  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.738570929 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.738729000 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.738764048 CEST  443    49779  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.740806103 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.740834951 CEST  443    49780  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.741143942 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.741239071 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:31.741250992 CEST  443    49780  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:31.828903913 CEST  80     49750  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:31.831751108 CEST  49752  80     192.168.2.4      34.107.221.82
Oct 24, 2024 12:36:31.837652922 CEST  80     49752  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:31.876688004 CEST  49750  80     192.168.2.4      34.107.221.82
Oct 24, 2024 12:36:31.955615997 CEST  80     49752  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:32.008279085 CEST  49752  80     192.168.2.4      34.107.221.82
Oct 24, 2024 12:36:32.355243921 CEST  443    49779  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.355962038 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.359587908 CEST  443    49778  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.359860897 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.359889030 CEST  443    49779  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.360172033 CEST  443    49779  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.360192060 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.362664938 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.362694025 CEST  443    49778  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.363045931 CEST  443    49778  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.364543915 CEST  443    49777  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:32.364809990 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:32.368002892 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.368098974 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.368212938 CEST  443    49779  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.368890047 CEST  49779  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.369021893 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.369088888 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.369389057 CEST  443    49778  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.372210979 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:32.372222900 CEST  443    49777  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:32.372287989 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:32.372483015 CEST  443    49777  35.201.103.21    192.168.2.4
Oct 24, 2024 12:36:32.375955105 CEST  49778  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.375957012 CEST  49777  443    192.168.2.4      35.201.103.21
Oct 24, 2024 12:36:32.376158953 CEST  443    49780  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.377962112 CEST  49750  80     192.168.2.4      34.107.221.82
Oct 24, 2024 12:36:32.378107071 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.383474112 CEST  80     49750  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:32.383513927 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.383569002 CEST  443    49780  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.384407043 CEST  443    49780  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.387003899 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.387063980 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.387480021 CEST  443    49780  35.244.181.201   192.168.2.4
Oct 24, 2024 12:36:32.391407967 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.391469002 CEST  49780  443    192.168.2.4      35.244.181.201
Oct 24, 2024 12:36:32.422678947 CEST  49781  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:32.422764063 CEST  443    49781  34.149.100.209   192.168.2.4
Oct 24, 2024 12:36:32.422895908 CEST  49781  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:32.423022985 CEST  49781  443    192.168.2.4      34.149.100.209
Oct 24, 2024 12:36:32.423046112 CEST  443    49781  34.149.100.209   192.168.2.4
Oct 24, 2024 12:36:32.502882957 CEST  80     49750  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:32.506198883 CEST  49752  80     192.168.2.4      34.107.221.82
Oct 24, 2024 12:36:32.511693001 CEST  80     49752  34.107.221.82    192.168.2.4
Oct 24, 2024 12:36:32.555507898 CEST  49750  80     192.168.2.4      34.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:32.630306959 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:32.671288967 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.044158936 CEST4434978134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.044306040 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.047532082 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.047561884 CEST4434978134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.047964096 CEST4434978134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.050148010 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.050302029 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.050400972 CEST4434978134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.051496983 CEST49781443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.053713083 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.059128046 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.178600073 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.182066917 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.187622070 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.226212025 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.305074930 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:33.357861042 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:43.190542936 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:43.196527958 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:43.322227955 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:43.327992916 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.022522926 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.022559881 CEST4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.024075985 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.026122093 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.026139021 CEST4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.641318083 CEST4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.641470909 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.645977020 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.645987034 CEST4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.646018028 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.646260023 CEST4434978334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.646689892 CEST49783443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.649754047 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.656883955 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.775886059 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.778964043 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.785556078 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.816011906 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.903213978 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.947613001 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.526479959 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.532164097 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.651504993 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.654138088 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.659665108 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.694830894 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.777343035 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:57.832911968 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.045006037 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.045104980 CEST4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.047904968 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.048099995 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.048135996 CEST4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.053695917 CEST49811443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.053731918 CEST4434981134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.053980112 CEST49811443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.054130077 CEST49811443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.054150105 CEST4434981134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.056893110 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.056955099 CEST4434981234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.057348013 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.057477951 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.057488918 CEST4434981234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.655764103 CEST4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.659070969 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.662035942 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.662056923 CEST4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.662420034 CEST4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.664956093 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.665080070 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.665283918 CEST4434981034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.665555954 CEST49810443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.670296907 CEST4434981234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.670691013 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.673724890 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.673738956 CEST4434981234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.674215078 CEST4434981234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.675559044 CEST4434981134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.675931931 CEST49811443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.678328037 CEST49811443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.678335905 CEST4434981134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.678683996 CEST4434981134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.678935051 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.679023027 CEST49812443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.679282904 CEST4434981234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.681047916 CEST49811443192.168.2.434.120.208.123
Oct 24, 2024 12:37:01.681118965 CEST    49811    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.681246996 CEST    443    49811    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.685652018 CEST    49811    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.685676098 CEST    49812    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.685688972 CEST    49811    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.764183044 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:01.770482063 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:01.788769007 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.788794994 CEST    443    49815    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.788878918 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.788911104 CEST    443    49816    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.790493011 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.790513039 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.790692091 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.790712118 CEST    443    49815    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.790832043 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.790843964 CEST    443    49816    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.810631037 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.810672998 CEST    443    49817    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.811351061 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.811420918 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.811439037 CEST    443    49817    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.833060026 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.833118916 CEST    443    49820    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.838222980 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.838293076 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:01.838318110 CEST    443    49820    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:01.889622927 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:01.913815975 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:01.919244051 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:01.939121962 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:02.036958933 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:02.081347942 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:02.391688108 CEST    443    49816    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.391896009 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.395087957 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.395097971 CEST    443    49816    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.395435095 CEST    443    49816    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.397212982 CEST    443    49815    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.397386074 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.397556067 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.397556067 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.397798061 CEST    443    49816    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.400979042 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.400989056 CEST    443    49815    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.401896954 CEST    443    49815    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.403678894 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.403743982 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.404099941 CEST    443    49815    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.407639027 CEST    49816    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.407661915 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.407680035 CEST    49815    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.409225941 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:02.415488005 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:02.433687925 CEST    443    49817    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.433888912 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.436620951 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.436650038 CEST    443    49817    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.437051058 CEST    443    49817    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.439006090 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.439093113 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.439177990 CEST    443    49817    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.439320087 CEST    49817    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.450965881 CEST    443    49820    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.451042891 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.454008102 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.454021931 CEST    443    49820    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.454698086 CEST    443    49820    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.456887960 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.456975937 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.457051039 CEST    443    49820    34.120.208.123    192.168.2.4
Oct 24, 2024 12:37:02.457117081 CEST    49820    443    192.168.2.4    34.120.208.123
Oct 24, 2024 12:37:02.534528971 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:02.537636042 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:02.543379068 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:02.582453966 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:02.661015034 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:02.713948965 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:12.539751053 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:12.545269966 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:12.671279907 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:12.676934004 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:22.546233892 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:22.551841974 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:22.677897930 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:22.683386087 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:31.969252110 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:31.969332933 CEST    443    49990    34.107.243.93    192.168.2.4
Oct 24, 2024 12:37:31.969465971 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:31.971051931 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:31.971081972 CEST    443    49990    34.107.243.93    192.168.2.4
Oct 24, 2024 12:37:32.560441017 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:32.565855980 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:32.592926979 CEST    443    49990    34.107.243.93    192.168.2.4
Oct 24, 2024 12:37:32.593122005 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:32.599100113 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:32.599131107 CEST    443    49990    34.107.243.93    192.168.2.4
Oct 24, 2024 12:37:32.599190950 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:32.599361897 CEST    443    49990    34.107.243.93    192.168.2.4
Oct 24, 2024 12:37:32.600202084 CEST    49990    443    192.168.2.4    34.107.243.93
Oct 24, 2024 12:37:32.602145910 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:32.607552052 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:32.691828966 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:32.697268963 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:32.726850033 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:32.729895115 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:32.735251904 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:32.776716948 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:32.852945089 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:32.908126116 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:42.736809015 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:42.742518902 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:42.859417915 CEST    49752    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:42.868233919 CEST    80    49752    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:52.750152111 CEST    49750    80    192.168.2.4    34.107.221.82
Oct 24, 2024 12:37:52.756417036 CEST    80    49750    34.107.221.82    192.168.2.4
Oct 24, 2024 12:37:52.887572050 CEST    49752    80    192.168.2.4    34.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:52.893201113 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:38:02.759648085 CEST4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:38:02.765201092 CEST804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:38:02.896428108 CEST4975280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                  Oct 24, 2024 12:38:02.902035952 CEST804975234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:02.269727945 CEST5123053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:02.277601004 CEST53512301.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:02.291660070 CEST5900153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:02.300134897 CEST53590011.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.661854982 CEST4940753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.669656038 CEST53494071.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.670536995 CEST5253753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.677870989 CEST53525371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.682363033 CEST5115653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.689726114 CEST53511561.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.842092037 CEST4941853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.852432013 CEST5690853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.860332012 CEST53569081.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.892261028 CEST6502753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:03.899693966 CEST53650271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.677891970 CEST6432053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.680186033 CEST5005853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.681761026 CEST6101153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.686053038 CEST53643201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.686826944 CEST5608353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.687462091 CEST53500581.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.690454960 CEST53610111.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.694938898 CEST53560831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.698719978 CEST6375753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.700350046 CEST5443053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.706528902 CEST53637571.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.707066059 CEST5372753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.707465887 CEST53544301.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.709633112 CEST6552053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.714456081 CEST53537271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.718477011 CEST53655201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.830427885 CEST5460053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.849653959 CEST6040453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.857594013 CEST53604041.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.859050035 CEST5495053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.866759062 CEST53549501.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.917973042 CEST6248353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.926153898 CEST53624831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.941360950 CEST6533453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.949063063 CEST53653341.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.953954935 CEST5506353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:04.961904049 CEST53550631.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.609234095 CEST5523853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.828989029 CEST6020053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.837177992 CEST53602001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.845711946 CEST5720053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.851584911 CEST5762853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.853305101 CEST53572001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.857903957 CEST53555901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.859148026 CEST53576281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.860620975 CEST6007353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.861546993 CEST5378753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.868525982 CEST53600731.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.868978024 CEST53537871.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.869769096 CEST5764053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.877191067 CEST53576401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:09.483441114 CEST5335353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:09.491156101 CEST53533531.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:09.494285107 CEST5765753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:09.501758099 CEST53576571.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:09.520050049 CEST5719353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:09.532525063 CEST53571931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.687371969 CEST5194953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.697928905 CEST53519491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.761084080 CEST5854453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.769278049 CEST53585441.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.770260096 CEST6248553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.778253078 CEST53624851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.779016972 CEST5522653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.787561893 CEST53552261.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.343091965 CEST6285953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.351281881 CEST53628591.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.352273941 CEST4944453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.359599113 CEST53494441.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.149576902 CEST5666853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.149898052 CEST6488853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.150182962 CEST6514253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.157272100 CEST53566681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.157672882 CEST53651421.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.157943964 CEST6000653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.158214092 CEST53648881.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.158304930 CEST5691753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.158703089 CEST6407653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165611029 CEST53600061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165977001 CEST53569171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165992022 CEST53640761.1.1.1192.168.2.4
Oct 24, 2024 12:36:20.168184042 CEST | 54578 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.168457985 CEST | 62901 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.168900013 CEST | 58735 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.175777912 CEST | 53 | 54578 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.175904036 CEST | 53 | 62901 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.176477909 CEST | 55795 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.177002907 CEST | 53 | 58735 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.177092075 CEST | 63444 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.184238911 CEST | 53 | 55795 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.185039997 CEST | 53 | 63444 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.186470032 CEST | 54861 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.186549902 CEST | 64439 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.194164038 CEST | 53 | 64439 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.194576025 CEST | 53573 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.194663048 CEST | 53 | 54861 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.195085049 CEST | 62072 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.201704025 CEST | 53 | 53573 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.202435970 CEST | 53 | 62072 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.123559952 CEST | 50136 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.131249905 CEST | 53 | 50136 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.821892977 CEST | 55048 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.829282999 CEST | 53 | 55048 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.829701900 CEST | 50744 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.837193012 CEST | 63719 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.837488890 CEST | 53 | 50744 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.844893932 CEST | 53 | 63719 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.850403070 CEST | 59894 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.857081890 CEST | 55074 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.857913971 CEST | 53 | 59894 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.861406088 CEST | 57103 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.865302086 CEST | 53 | 55074 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.866538048 CEST | 62092 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.868993044 CEST | 53 | 57103 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.874519110 CEST | 53 | 62092 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:30.882263899 CEST | 56748 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:30.891253948 CEST | 53 | 56748 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:51.023627996 CEST | 51543 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:51.031266928 CEST | 53 | 51543 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:37:01.045012951 CEST | 63029 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:37:01.052273035 CEST | 53 | 63029 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:37:01.764914036 CEST | 55963 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:37:31.961072922 CEST | 51581 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:37:31.968275070 CEST | 53 | 51581 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:37:31.969171047 CEST | 61748 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:37:31.976353884 CEST | 53 | 61748 | 1.1.1.1 | 192.168.2.4
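The UDP packet table above lists every DNS request and reply as a separate row, and the DNS query table that follows names what each request asked for, but the report does not join the two. Joining them by client port gives the resolver round-trip time per query and exposes requests that never got a reply (the request from port 55963 at 12:37:01.764914036 has no matching reply row above), and tallying the queried names against a list of domains the browser contacts on its own is how an analyst separates browser start-up chatter from lookups the sample itself may have triggered. The following Python is an added example, not part of the Joe Sandbox report; the sandbox VM address (192.168.2.4) and resolver (1.1.1.1) are taken from the report, the sample rows are transcribed from these tables into a pipe-separated form, and the browser-noise domain list is an analyst assumption rather than anything the report asserts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: UDP rows and DNS query rows transcribed from the report's
# tables, pipe-separated. The last UDP row is a request with no reply in the capture.
UDP_ROWS = """\
Oct 24, 2024 12:36:20.168184042 CEST | 54578 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.175777912 CEST | 53 | 54578 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:36:20.176477909 CEST | 55795 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 12:36:20.184238911 CEST | 53 | 55795 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 12:37:01.764914036 CEST | 55963 | 53 | 192.168.2.4 | 1.1.1.1
"""
DNS_ROWS = """\
Oct 24, 2024 12:36:20.168184042 CEST | 192.168.2.4 | 1.1.1.1 | 0x1d70 | Standard query (0) | youtube-ui.l.google.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:20.176477909 CEST | 192.168.2.4 | 1.1.1.1 | 0x3ccb | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
"""

SANDBOX_IP = "192.168.2.4"   # analysis VM address as shown in the report
RESOLVER_IP = "1.1.1.1"      # the VM's resolver as shown in the report

# Assumption: an analyst-maintained list of domains Firefox contacts on its own
# (telemetry, updates, remote settings, new-tab top sites). Nothing here is
# asserted by the report; tune it for the browser build in your sandbox image.
BROWSER_NOISE_SUFFIXES = (
    "mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net", "firefox.com",
    "getpocket.com", "example.org", "ipv4only.arpa",
    "youtube.com", "google.com", "facebook.com", "wikipedia.org",
    "wikimedia.org", "reddit.com", "fastly.net", "twitter.com",
)

TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) CEST$")


def parse_ts(text):
    """Return (whole_seconds, fraction); keeping them apart preserves the ns digits."""
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised timestamp: %r" % text)
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    whole = int((base - datetime(1970, 1, 1)).total_seconds())
    return whole, float("0." + m.group(2))


def rows(table):
    """Split a pipe-separated table into stripped field lists, skipping blank lines."""
    return [[f.strip() for f in line.split("|")] for line in table.splitlines() if line.strip()]


def is_browser_noise(name):
    return any(name == s or name.endswith("." + s) for s in BROWSER_NOISE_SUFFIXES)


def correlate(udp_table, dns_table):
    """Pair each DNS request with its reply by client port; return RTTs and unanswered requests."""
    names_by_ts = {r[0]: r[5] for r in rows(dns_table)}   # query timestamp -> queried name
    pending = defaultdict(deque)                           # client port -> FIFO of open requests
    answered, unanswered = [], []
    for ts, sport, dport, src, _dst in rows(udp_table):
        whole, frac = parse_ts(ts)
        if src == SANDBOX_IP and dport == "53":
            pending[sport].append((ts, whole, frac))
        elif src == RESOLVER_IP and sport == "53" and pending[dport]:
            q_ts, q_whole, q_frac = pending[dport].popleft()
            rtt_ms = ((whole - q_whole) + (frac - q_frac)) * 1000.0
            answered.append((names_by_ts.get(q_ts), rtt_ms))
    for port, queue in pending.items():
        for q_ts, _, _ in queue:                           # name is None if no DNS row matches
            unanswered.append((q_ts, port, names_by_ts.get(q_ts)))
    return answered, unanswered


def summarize(udp_table, dns_table):
    """Triage view: reply coverage, unique names, and names outside the browser-noise list."""
    answered, unanswered = correlate(udp_table, dns_table)
    names = {r[5] for r in rows(dns_table)}
    return {
        "answered": len(answered),
        "unanswered": unanswered,
        "unique_domains": len(names),
        "not_browser_noise": sorted(n for n in names if not is_browser_noise(n)),
        "max_rtt_ms": max(rtt for _, rtt in answered) if answered else None,
    }


if __name__ == "__main__":
    for name, rtt in correlate(UDP_ROWS, DNS_ROWS)[0]:
        print("%-30s %.3f ms" % (name, rtt))
    print(summarize(UDP_ROWS, DNS_ROWS))
```

Pairing by client port is a heuristic: ephemeral ports can be reused later in a long capture, which is why open requests are kept in a per-port FIFO rather than a single slot. Matching the DNS table to the UDP table by exact timestamp works because Joe Sandbox stamps both rows from the same packet; a request whose name comes back as None simply has its DNS row outside the excerpt being parsed.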
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 24, 2024 12:36:02.269727945 CEST | 192.168.2.4 | 1.1.1.1 | 0x168d | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:02.291660070 CEST | 192.168.2.4 | 1.1.1.1 | 0xdaae | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:03.661854982 CEST | 192.168.2.4 | 1.1.1.1 | 0x6aeb | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.670536995 CEST | 192.168.2.4 | 1.1.1.1 | 0xf16f | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.682363033 CEST | 192.168.2.4 | 1.1.1.1 | 0x51dd | Standard query (0) | youtube.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:03.842092037 CEST | 192.168.2.4 | 1.1.1.1 | 0xdd5f | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.852432013 CEST | 192.168.2.4 | 1.1.1.1 | 0xf279 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.892261028 CEST | 192.168.2.4 | 1.1.1.1 | 0x38e6 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:04.677891970 CEST | 192.168.2.4 | 1.1.1.1 | 0x161b | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.680186033 CEST | 192.168.2.4 | 1.1.1.1 | 0x710e | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.681761026 CEST | 192.168.2.4 | 1.1.1.1 | 0x8a8e | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.686826944 CEST | 192.168.2.4 | 1.1.1.1 | 0xfcc2 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.698719978 CEST | 192.168.2.4 | 1.1.1.1 | 0xc081 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.700350046 CEST | 192.168.2.4 | 1.1.1.1 | 0x2c69 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.707066059 CEST | 192.168.2.4 | 1.1.1.1 | 0x5cbe | Standard query (0) | contile.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:04.709633112 CEST | 192.168.2.4 | 1.1.1.1 | 0xaecb | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:04.830427885 CEST | 192.168.2.4 | 1.1.1.1 | 0xda4a | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.849653959 CEST | 192.168.2.4 | 1.1.1.1 | 0xe261 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.859050035 CEST | 192.168.2.4 | 1.1.1.1 | 0x4eea | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:04.917973042 CEST | 192.168.2.4 | 1.1.1.1 | 0xa37f | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.941360950 CEST | 192.168.2.4 | 1.1.1.1 | 0x2ad4 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.953954935 CEST | 192.168.2.4 | 1.1.1.1 | 0xc521 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:08.609234095 CEST | 192.168.2.4 | 1.1.1.1 | 0x7872 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.828989029 CEST | 192.168.2.4 | 1.1.1.1 | 0xe9dc | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.845711946 CEST | 192.168.2.4 | 1.1.1.1 | 0x5a09 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.851584911 CEST | 192.168.2.4 | 1.1.1.1 | 0x3359 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.860620975 CEST | 192.168.2.4 | 1.1.1.1 | 0xced3 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:08.861546993 CEST | 192.168.2.4 | 1.1.1.1 | 0x2aed | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.869769096 CEST | 192.168.2.4 | 1.1.1.1 | 0xe918 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:09.483441114 CEST | 192.168.2.4 | 1.1.1.1 | 0x66e4 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:09.494285107 CEST | 192.168.2.4 | 1.1.1.1 | 0xfaf5 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:09.520050049 CEST | 192.168.2.4 | 1.1.1.1 | 0x76dd | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:14.687371969 CEST | 192.168.2.4 | 1.1.1.1 | 0x8ed3 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:14.761084080 CEST | 192.168.2.4 | 1.1.1.1 | 0x9c93 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:14.770260096 CEST | 192.168.2.4 | 1.1.1.1 | 0x8fc | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:14.779016972 CEST | 192.168.2.4 | 1.1.1.1 | 0x9ba6 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:19.343091965 CEST | 192.168.2.4 | 1.1.1.1 | 0x6b95 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:19.352273941 CEST | 192.168.2.4 | 1.1.1.1 | 0x1bbe | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:20.149576902 CEST | 192.168.2.4 | 1.1.1.1 | 0x4a67 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.149898052 CEST | 192.168.2.4 | 1.1.1.1 | 0xb417 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.150182962 CEST | 192.168.2.4 | 1.1.1.1 | 0x4e90 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157943964 CEST | 192.168.2.4 | 1.1.1.1 | 0xef91 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.158304930 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e43 | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.158703089 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe51 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.168184042 CEST | 192.168.2.4 | 1.1.1.1 | 0x1d70 | Standard query (0) | youtube-ui.l.google.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:20.168457985 CEST | 192.168.2.4 | 1.1.1.1 | 0x5b0a | Standard query (0) | dyna.wikimedia.org | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:20.168900013 CEST | 192.168.2.4 | 1.1.1.1 | 0x2b42 | Standard query (0) | star-mini.c10r.facebook.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:20.176477909 CEST | 192.168.2.4 | 1.1.1.1 | 0x3ccb | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.177092075 CEST | 192.168.2.4 | 1.1.1.1 | 0x2de3 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.186470032 CEST | 192.168.2.4 | 1.1.1.1 | 0x628d | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.186549902 CEST | 192.168.2.4 | 1.1.1.1 | 0x70bd | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.194576025 CEST | 192.168.2.4 | 1.1.1.1 | 0xb76b | Standard query (0) | twitter.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:20.195085049 CEST | 192.168.2.4 | 1.1.1.1 | 0x9008 | Standard query (0) | reddit.map.fastly.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:30.123559952 CEST | 192.168.2.4 | 1.1.1.1 | 0xdc46 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:30.821892977 CEST | 192.168.2.4 | 1.1.1.1 | 0xecb0 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:30.829701900 CEST | 192.168.2.4 | 1.1.1.1 | 0x3292 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Oct 24, 2024 12:36:30.837193012 CEST | 192.168.2.4 | 1.1.1.1 | 0x2296 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:30.850403070 CEST | 192.168.2.4 | 1.1.1.1 | 0x5070 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:30.857081890 CEST | 192.168.2.4 | 1.1.1.1 | 0x6add | Standard query (0) | normandy.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:30.861406088 CEST | 192.168.2.4 | 1.1.1.1 | 0x1231 | Standard query (0) | services.addons.mozilla.org | 28 (AAAA) | IN (0x0001) | false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.866538048 CEST192.168.2.41.1.1.10xe201Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.882263899 CEST192.168.2.41.1.1.10x52ccStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:51.023627996 CEST192.168.2.41.1.1.10x4e32Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.045012951 CEST192.168.2.41.1.1.10xb3a3Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.764914036 CEST192.168.2.41.1.1.10xd94bStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:31.961072922 CEST192.168.2.41.1.1.10x54c4Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:31.969171047 CEST192.168.2.41.1.1.10x3f03Standard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 24, 2024 12:36:02.226566076 CEST | 1.1.1.1 | 192.168.2.4 | 0xd9 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:02.277601004 CEST | 1.1.1.1 | 192.168.2.4 | 0x168d | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.669656038 CEST | 1.1.1.1 | 192.168.2.4 | 0x6aeb | No error (0) | youtube.com | | 172.217.16.142 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.677870989 CEST | 1.1.1.1 | 192.168.2.4 | 0xf16f | No error (0) | youtube.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.689726114 CEST | 1.1.1.1 | 192.168.2.4 | 0x51dd | No error (0) | youtube.com | | | 28 | IN (0x0001) | false
Oct 24, 2024 12:36:03.849736929 CEST | 1.1.1.1 | 192.168.2.4 | 0xdd5f | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:03.849736929 CEST | 1.1.1.1 | 192.168.2.4 | 0xdd5f | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.860332012 CEST | 1.1.1.1 | 192.168.2.4 | 0xf279 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:03.899693966 CEST | 1.1.1.1 | 192.168.2.4 | 0x38e6 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | 28 | IN (0x0001) | false
Oct 24, 2024 12:36:04.686053038 CEST | 1.1.1.1 | 192.168.2.4 | 0x161b | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.687462091 CEST | 1.1.1.1 | 192.168.2.4 | 0x710e | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.687462091 CEST | 1.1.1.1 | 192.168.2.4 | 0x710e | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.690454960 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a8e | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.694938898 CEST | 1.1.1.1 | 192.168.2.4 | 0xfcc2 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:04.694938898 CEST | 1.1.1.1 | 192.168.2.4 | 0xfcc2 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.706528902 CEST | 1.1.1.1 | 192.168.2.4 | 0xc081 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.707465887 CEST | 1.1.1.1 | 192.168.2.4 | 0x2c69 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.838015079 CEST | 1.1.1.1 | 192.168.2.4 | 0xda4a | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:04.838015079 CEST | 1.1.1.1 | 192.168.2.4 | 0xda4a | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.848769903 CEST | 1.1.1.1 | 192.168.2.4 | 0x60eb | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:04.848769903 CEST | 1.1.1.1 | 192.168.2.4 | 0x60eb | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.857594013 CEST | 1.1.1.1 | 192.168.2.4 | 0xe261 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.926153898 CEST | 1.1.1.1 | 192.168.2.4 | 0xa37f | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:04.926153898 CEST | 1.1.1.1 | 192.168.2.4 | 0xa37f | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:04.926153898 CEST | 1.1.1.1 | 192.168.2.4 | 0xa37f | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.949063063 CEST | 1.1.1.1 | 192.168.2.4 | 0x2ad4 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:04.961904049 CEST | 1.1.1.1 | 192.168.2.4 | 0xc521 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | | 28 | IN (0x0001) | false
Oct 24, 2024 12:36:08.827579975 CEST | 1.1.1.1 | 192.168.2.4 | 0x7872 | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:08.837177992 CEST | 1.1.1.1 | 192.168.2.4 | 0xe9dc | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:08.837177992 CEST | 1.1.1.1 | 192.168.2.4 | 0xe9dc | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:08.837177992 CEST | 1.1.1.1 | 192.168.2.4 | 0xe9dc | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.853305101 CEST | 1.1.1.1 | 192.168.2.4 | 0x5a09 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.859148026 CEST | 1.1.1.1 | 192.168.2.4 | 0x3359 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:08.868978024 CEST | 1.1.1.1 | 192.168.2.4 | 0x2aed | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:09.482359886 CEST | 1.1.1.1 | 192.168.2.4 | 0x9706 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:09.491156101 CEST | 1.1.1.1 | 192.168.2.4 | 0x66e4 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:09.526360989 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc21 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:09.526360989 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc21 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:14.685432911 CEST | 1.1.1.1 | 192.168.2.4 | 0x5575 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:14.769278049 CEST | 1.1.1.1 | 192.168.2.4 | 0x9c93 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:14.769278049 CEST | 1.1.1.1 | 192.168.2.4 | 0x9c93 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:14.778253078 CEST | 1.1.1.1 | 192.168.2.4 | 0x8fc | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:19.351281881 CEST | 1.1.1.1 | 192.168.2.4 | 0x6b95 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 172.217.16.142 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157272100 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a67 | No error (0) | youtube-ui.l.google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157672882 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e90 | No error (0) | www.wikipedia.org | dyna.wikimedia.org | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:20.157672882 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e90 | No error (0) | dyna.wikimedia.org | | 185.15.59.224 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.158214092 CEST | 1.1.1.1 | 192.168.2.4 | 0xb417 | No error (0) | www.facebook.com | star-mini.c10r.facebook.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 12:36:20.158214092 CEST | 1.1.1.1 | 192.168.2.4 | 0xb417 | No error (0) | star-mini.c10r.facebook.com | | 157.240.0.35 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 216.58.212.142 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 12:36:20.165611029 CEST | 1.1.1.1 | 192.168.2.4 | 0xef91 | No error (0) | youtube-ui.l.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165611029 CEST1.1.1.1192.168.2.40xef91No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165611029 CEST1.1.1.1192.168.2.40xef91No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165611029 CEST1.1.1.1192.168.2.40xef91No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165611029 CEST1.1.1.1192.168.2.40xef91No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165611029 CEST1.1.1.1192.168.2.40xef91No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165977001 CEST1.1.1.1192.168.2.40x8e43No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.165992022 CEST1.1.1.1192.168.2.40xfe51No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.175777912 CEST1.1.1.1192.168.2.40x1d70No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.175777912 CEST1.1.1.1192.168.2.40x1d70No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.175777912 CEST1.1.1.1192.168.2.40x1d70No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.175777912 CEST1.1.1.1192.168.2.40x1d70No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.175904036 CEST1.1.1.1192.168.2.40x5b0aNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.177002907 CEST1.1.1.1192.168.2.40x2b42No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.184238911 CEST1.1.1.1192.168.2.40x3ccbNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.184238911 CEST1.1.1.1192.168.2.40x3ccbNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.184238911 CEST1.1.1.1192.168.2.40x3ccbNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.184238911 CEST1.1.1.1192.168.2.40x3ccbNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.184238911 CEST1.1.1.1192.168.2.40x3ccbNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.185039997 CEST1.1.1.1192.168.2.40x2de3No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.194164038 CEST1.1.1.1192.168.2.40x70bdNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.194663048 CEST1.1.1.1192.168.2.40x628dNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.194663048 CEST1.1.1.1192.168.2.40x628dNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.194663048 CEST1.1.1.1192.168.2.40x628dNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.194663048 CEST1.1.1.1192.168.2.40x628dNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.821069956 CEST1.1.1.1192.168.2.40xc26cNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.821069956 CEST1.1.1.1192.168.2.40xc26cNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.829282999 CEST1.1.1.1192.168.2.40xecb0No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.844893932 CEST1.1.1.1192.168.2.40x2296No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.844893932 CEST1.1.1.1192.168.2.40x2296No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.844893932 CEST1.1.1.1192.168.2.40x2296No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.844893932 CEST1.1.1.1192.168.2.40x2296No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.857913971 CEST1.1.1.1192.168.2.40x5070No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.857913971 CEST1.1.1.1192.168.2.40x5070No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.857913971 CEST1.1.1.1192.168.2.40x5070No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.857913971 CEST1.1.1.1192.168.2.40x5070No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.865302086 CEST1.1.1.1192.168.2.40x6addNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.865302086 CEST1.1.1.1192.168.2.40x6addNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.874519110 CEST1.1.1.1192.168.2.40xe201No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:32.429555893 CEST1.1.1.1192.168.2.40xdb40No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:32.429555893 CEST1.1.1.1192.168.2.40xdb40No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.773391962 CEST1.1.1.1192.168.2.40xd94bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.773391962 CEST1.1.1.1192.168.2.40xd94bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:31.968275070 CEST1.1.1.1192.168.2.40x54c4No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 34.107.221.82 | 80 | 6548 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 12:36:03.930226088 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:04.528767109 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66225
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49744 | 34.107.221.82 | 80 | 6548 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 12:36:04.847323895 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 12:36:05.436077118 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78140
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 34.107.221.82 | 80 | 6548 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 12:36:05.703309059 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:06.298358917 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66227
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.851169109 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:08.976286888 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66229
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.674489975 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.799666882 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66235
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:16.524084091 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:16.648621082 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66237
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.691291094 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.816030979 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66239
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.973773956 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:20.098543882 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66241
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 12:36:30.102808952 CEST  6 OUT    Data Raw: 00
Data Ascii:
Oct 24, 2024 12:36:30.772373915 CEST  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:30.897382975 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66251
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 12:36:31.702359915 CEST  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:31.828903913 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66252
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 12:36:32.377962112 CEST  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:32.502882957 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66253
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 12:36:33.053713083 CEST  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:33.178600073 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66254
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 12:36:43.190542936 CEST  6 OUT    Data Raw: 00
Data Ascii:
Oct 24, 2024 12:36:51.649754047 CEST  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:51.775886059 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 66272
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 12:36:57.526479959 CEST  303 OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 12:36:57.651504993 CEST  298 IN   HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66278
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.764183044 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:01.889622927 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66282
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:02.409225941 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:02.534528971 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66283
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:12.539751053 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:22.546233892 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:32.560441017 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:32.602145910 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:32.726850033 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 90
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                  Age: 66313
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:42.736809015 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:52.750152111 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:38:02.759648085 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49752 | 34.107.221.82 | 80 | 6548 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 12:36:06.428097010 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 12:36:07.015106916 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78141
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 12:36:09.474723101 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 12:36:09.600790024 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78144
Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:14.976624966 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:15.099728107 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                  Age: 78150
                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.018600941 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.274722099 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.575607061 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:18.714425087 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                  Age: 78153
                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.339129925 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:19.462306976 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                  Age: 78154
                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.101540089 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:20.224962950 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                  Age: 78155
                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.234230995 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:36:30.921744108 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:36:31.045140982 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78165
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Oct 24, 2024 12:36:31.831751108 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:36:31.955615997 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78166
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Oct 24, 2024 12:36:32.506198883 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:36:32.630306959 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78167
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Oct 24, 2024 12:36:33.182066917 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:36:33.305074930 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78168
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Oct 24, 2024 12:36:43.322227955 CEST  6  OUT  Data Raw: 00
Data Ascii:

Oct 24, 2024 12:36:51.778964043 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:36:51.903213978 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78186
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Oct 24, 2024 12:36:57.654138088 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:36:57.777343035 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78192
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Oct 24, 2024 12:37:01.913815975 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Oct 24, 2024 12:37:02.036958933 CEST  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 12:53:45 GMT
Age: 78196
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:02.537636042 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:02.661015034 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                  Age: 78197
                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:12.671279907 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:22.677897930 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:32.691828966 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:32.729895115 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                  Host: detectportal.firefox.com
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:32.852945089 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 12:53:45 GMT
                                                                                                                                                                                                                                                  Age: 78227
                                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                  Data Ascii: success
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:42.859417915 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:37:52.887572050 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Oct 24, 2024 12:38:02.896428108 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                  Data Ascii:


Target ID: 0
Start time: 06:35:55
Start date: 24/10/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x470000
File size: 919'552 bytes
MD5 hash: 4F84F1E06697752092AEFEC38C505E32
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000003.1718839578.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 1
Start time: 06:35:55
Start date: 24/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x1d0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 2
Start time: 06:35:55
Start date: 24/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 06:35:58
Start date: 24/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0x1d0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 06:35:58
Start date: 24/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                  Imagebase:0x1d0000
                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                  Imagebase:0x1d0000
                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0xc80000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                  Imagebase:0x1d0000
                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                  Start time:06:35:58
                                                                                                                                                                                                                                                  Start date:24/10/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                  Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                  File size:676'768 bytes
                                                                                                                                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 12
Start time: 06:35:58
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 13
Start time: 06:35:59
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 15
Start time: 06:35:59
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3a02f6-4639-4242-a5b9-9a48f9196107} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d59556db10 socket
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 16
Start time: 06:36:01
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4244 -parentBuildID 20230927232528 -prefsHandle 2760 -prefMapHandle 4236 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa7db3e-6923-4036-bba0-8e3b5e3a72b8} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a76ed910 rdd
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 17
Start time: 06:36:08
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7a4d4c-5c4b-4992-9801-409195ea74b6} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 1d5a92acb10 utility
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Execution Graph

Execution Coverage: 2.1%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 6.7%
Total number of Nodes: 1584
Total number of Limit Nodes: 69
94955->94929 94956->94936 94957->94936 94959 49dc23 94958->94959 94961 49dc1f 94958->94961 94960 49d955 __fread_nolock 26 API calls 94959->94960 94959->94961 94962 49dc43 94960->94962 94964 4a4d7a 94961->94964 94992 4a59be 62 API calls 5 library calls 94962->94992 94965 4a4d90 94964->94965 94966 49e640 94964->94966 94965->94966 94967 4a29c8 _free 20 API calls 94965->94967 94968 49d955 94966->94968 94967->94966 94969 49d961 94968->94969 94970 49d976 94968->94970 94993 49f2d9 20 API calls _abort 94969->94993 94970->94951 94972 49d966 94994 4a27ec 26 API calls _abort 94972->94994 94974 49d971 94974->94951 94976 4a863e 94975->94976 94977 4a8653 94975->94977 94998 49f2c6 20 API calls _abort 94976->94998 94978 4a868e 94977->94978 94982 4a867a 94977->94982 95000 49f2c6 20 API calls _abort 94978->95000 94981 4a8643 94999 49f2d9 20 API calls _abort 94981->94999 94995 4a8607 94982->94995 94983 4a8693 95001 49f2d9 20 API calls _abort 94983->95001 94987 49e64c 94987->94946 94987->94954 94988 4a869b 95002 4a27ec 26 API calls _abort 94988->95002 94990->94943 94991->94946 94992->94961 94993->94972 94994->94974 95003 4a8585 94995->95003 94997 4a862b 94997->94987 94998->94981 94999->94987 95000->94983 95001->94988 95002->94987 95004 4a8591 ___scrt_is_nonwritable_in_current_image 95003->95004 95014 4a5147 EnterCriticalSection 95004->95014 95006 4a859f 95007 4a85d1 95006->95007 95008 4a85c6 95006->95008 95030 49f2d9 20 API calls _abort 95007->95030 95015 4a86ae 95008->95015 95011 4a85cc 95031 4a85fb LeaveCriticalSection __wsopen_s 95011->95031 95013 4a85ee __wsopen_s 95013->94997 95014->95006 95032 4a53c4 95015->95032 95017 4a86c4 95045 4a5333 21 API calls 3 library calls 95017->95045 95019 4a86be 95019->95017 95021 4a53c4 __wsopen_s 26 API calls 95019->95021 95029 4a86f6 95019->95029 95020 4a871c 95028 4a873e 95020->95028 95046 49f2a3 20 API calls 2 library calls 95020->95046 95024 4a86ed 95021->95024 95022 4a53c4 __wsopen_s 26 API calls 95023 4a8702 CloseHandle 95022->95023 
95023->95017 95025 4a870e GetLastError 95023->95025 95027 4a53c4 __wsopen_s 26 API calls 95024->95027 95025->95017 95027->95029 95028->95011 95029->95017 95029->95022 95030->95011 95031->95013 95033 4a53d1 95032->95033 95034 4a53e6 95032->95034 95035 49f2c6 __dosmaperr 20 API calls 95033->95035 95036 49f2c6 __dosmaperr 20 API calls 95034->95036 95038 4a540b 95034->95038 95037 4a53d6 95035->95037 95039 4a5416 95036->95039 95040 49f2d9 _free 20 API calls 95037->95040 95038->95019 95042 49f2d9 _free 20 API calls 95039->95042 95041 4a53de 95040->95041 95041->95019 95043 4a541e 95042->95043 95044 4a27ec _abort 26 API calls 95043->95044 95044->95041 95045->95020 95046->95028 95047 502a55 95055 4e1ebc 95047->95055 95050 502a70 95057 4d39c0 22 API calls 95050->95057 95051 502a87 95053 502a7c 95058 4d417d 22 API calls __fread_nolock 95053->95058 95056 4e1ec3 IsWindow 95055->95056 95056->95050 95056->95051 95057->95053 95058->95051 95059 4a8402 95064 4a81be 95059->95064 95062 4a842a 95069 4a81ef try_get_first_available_module 95064->95069 95066 4a83ee 95083 4a27ec 26 API calls _abort 95066->95083 95068 4a8343 95068->95062 95076 4b0984 95068->95076 95072 4a8338 95069->95072 95079 498e0b 40 API calls 2 library calls 95069->95079 95071 4a838c 95071->95072 95080 498e0b 40 API calls 2 library calls 95071->95080 95072->95068 95082 49f2d9 20 API calls _abort 95072->95082 95074 4a83ab 95074->95072 95081 498e0b 40 API calls 2 library calls 95074->95081 95084 4b0081 95076->95084 95078 4b099f 95078->95062 95079->95071 95080->95074 95081->95072 95082->95066 95083->95068 95087 4b008d ___scrt_is_nonwritable_in_current_image 95084->95087 95085 4b009b 95141 49f2d9 20 API calls _abort 95085->95141 95087->95085 95089 4b00d4 95087->95089 95088 4b00a0 95142 4a27ec 26 API calls _abort 95088->95142 95095 4b065b 95089->95095 95094 4b00aa __wsopen_s 95094->95078 95096 4b0678 95095->95096 95097 4b068d 95096->95097 95098 4b06a6 95096->95098 95158 49f2c6 20 API calls _abort 95097->95158 95144 4a5221 
95098->95144 95101 4b06ab 95102 4b06cb 95101->95102 95103 4b06b4 95101->95103 95157 4b039a CreateFileW 95102->95157 95160 49f2c6 20 API calls _abort 95103->95160 95107 4b06b9 95161 49f2d9 20 API calls _abort 95107->95161 95108 4b0781 GetFileType 95113 4b078c GetLastError 95108->95113 95114 4b07d3 95108->95114 95109 4b0704 95109->95108 95112 4b0756 GetLastError 95109->95112 95162 4b039a CreateFileW 95109->95162 95110 4b00f8 95143 4b0121 LeaveCriticalSection __wsopen_s 95110->95143 95163 49f2a3 20 API calls 2 library calls 95112->95163 95164 49f2a3 20 API calls 2 library calls 95113->95164 95166 4a516a 21 API calls 3 library calls 95114->95166 95115 4b0692 95159 49f2d9 20 API calls _abort 95115->95159 95119 4b079a CloseHandle 95119->95115 95122 4b07c3 95119->95122 95121 4b0749 95121->95108 95121->95112 95165 49f2d9 20 API calls _abort 95122->95165 95123 4b07f4 95126 4b0840 95123->95126 95167 4b05ab 72 API calls 4 library calls 95123->95167 95125 4b07c8 95125->95115 95130 4b086d 95126->95130 95168 4b014d 72 API calls 4 library calls 95126->95168 95129 4b0866 95129->95130 95131 4b087e 95129->95131 95132 4a86ae __wsopen_s 29 API calls 95130->95132 95131->95110 95133 4b08fc CloseHandle 95131->95133 95132->95110 95169 4b039a CreateFileW 95133->95169 95135 4b0927 95136 4b095d 95135->95136 95137 4b0931 GetLastError 95135->95137 95136->95110 95170 49f2a3 20 API calls 2 library calls 95137->95170 95139 4b093d 95171 4a5333 21 API calls 3 library calls 95139->95171 95141->95088 95142->95094 95143->95094 95145 4a522d ___scrt_is_nonwritable_in_current_image 95144->95145 95172 4a2f5e EnterCriticalSection 95145->95172 95147 4a527b 95173 4a532a 95147->95173 95148 4a5259 95176 4a5000 95148->95176 95149 4a5234 95149->95147 95149->95148 95154 4a52c7 EnterCriticalSection 95149->95154 95151 4a52a4 __wsopen_s 95151->95101 95154->95147 95155 4a52d4 LeaveCriticalSection 95154->95155 95155->95149 95157->95109 95158->95115 95159->95110 95160->95107 95161->95115 95162->95121 95163->95115 
95164->95119 95165->95125 95166->95123 95167->95126 95168->95129 95169->95135 95170->95139 95171->95136 95172->95149 95184 4a2fa6 LeaveCriticalSection 95173->95184 95175 4a5331 95175->95151 95177 4a4c7d _abort 20 API calls 95176->95177 95178 4a5012 95177->95178 95182 4a501f 95178->95182 95185 4a3405 11 API calls 2 library calls 95178->95185 95179 4a29c8 _free 20 API calls 95181 4a5071 95179->95181 95181->95147 95183 4a5147 EnterCriticalSection 95181->95183 95182->95179 95183->95147 95184->95175 95185->95178 95186 4b2402 95189 471410 95186->95189 95190 4b24b8 DestroyWindow 95189->95190 95191 47144f mciSendStringW 95189->95191 95204 4b24c4 95190->95204 95192 4716c6 95191->95192 95193 47146b 95191->95193 95192->95193 95195 4716d5 UnregisterHotKey 95192->95195 95194 471479 95193->95194 95193->95204 95222 47182e 95194->95222 95195->95192 95197 4b2509 95203 4b251c FreeLibrary 95197->95203 95205 4b252d 95197->95205 95198 4b24d8 95198->95204 95228 476246 CloseHandle 95198->95228 95199 4b24e2 FindClose 95199->95204 95202 47148e 95202->95205 95210 47149c 95202->95210 95203->95197 95204->95197 95204->95198 95204->95199 95206 4b2541 VirtualFree 95205->95206 95213 471509 95205->95213 95206->95205 95207 4714f8 CoUninitialize 95207->95213 95208 4b2589 95215 4b2598 messages 95208->95215 95229 4e32eb 6 API calls messages 95208->95229 95209 471514 95212 471524 95209->95212 95210->95207 95226 471944 VirtualFreeEx CloseHandle 95212->95226 95213->95208 95213->95209 95218 4b2627 95215->95218 95230 4d64d4 22 API calls messages 95215->95230 95216 47153a 95216->95215 95219 47161f 95216->95219 95218->95218 95219->95218 95227 471876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95219->95227 95221 4716c1 95223 47183b 95222->95223 95224 471480 95223->95224 95231 4d702a 22 API calls 95223->95231 95224->95197 95224->95202 95226->95216 95227->95221 95228->95198 95229->95208 95230->95215 95231->95223 95232 471cad SystemParametersInfoW 95233 4c2a00 95248 47d7b0 messages 
95233->95248 95234 47db11 PeekMessageW 95234->95248 95235 47d807 GetInputState 95235->95234 95235->95248 95237 4c1cbe TranslateAcceleratorW 95237->95248 95238 47da04 timeGetTime 95238->95248 95239 47db73 TranslateMessage DispatchMessageW 95240 47db8f PeekMessageW 95239->95240 95240->95248 95241 47dbaf Sleep 95241->95248 95242 4c2b74 Sleep 95255 4c2a51 95242->95255 95245 4c1dda timeGetTime 95394 48e300 23 API calls 95245->95394 95248->95234 95248->95235 95248->95237 95248->95238 95248->95239 95248->95240 95248->95241 95248->95242 95248->95245 95251 47d9d5 95248->95251 95248->95255 95261 47ec40 348 API calls 95248->95261 95265 47dd50 95248->95265 95272 481310 95248->95272 95329 47bf40 95248->95329 95387 48edf6 95248->95387 95392 47dfd0 348 API calls 3 library calls 95248->95392 95393 48e551 timeGetTime 95248->95393 95395 4e3a2a 23 API calls 95248->95395 95396 4e359c 82 API calls __wsopen_s 95248->95396 95249 4c2c0b GetExitCodeProcess 95252 4c2c37 CloseHandle 95249->95252 95253 4c2c21 WaitForSingleObject 95249->95253 95252->95255 95253->95248 95253->95252 95254 5029bf GetForegroundWindow 95254->95255 95255->95248 95255->95249 95255->95251 95255->95254 95256 4c2ca9 Sleep 95255->95256 95397 4f5658 23 API calls 95255->95397 95398 4de97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95255->95398 95399 48e551 timeGetTime 95255->95399 95400 4dd4dc CreateToolhelp32Snapshot Process32FirstW 95255->95400 95256->95248 95261->95248 95266 47dd83 95265->95266 95267 47dd6f 95265->95267 95442 4e359c 82 API calls __wsopen_s 95266->95442 95410 47d260 95267->95410 95269 47dd7a 95269->95248 95271 4c2f75 95271->95271 95273 4817b0 95272->95273 95274 481376 95272->95274 95481 490242 5 API calls __Init_thread_wait 95273->95481 95275 481390 95274->95275 95276 4c6331 95274->95276 95278 481940 9 API calls 95275->95278 95491 4f709c 348 API calls 95276->95491 95281 4813a0 95278->95281 95280 4817ba 95283 4817fb 95280->95283 95482 479cb3 95280->95482 95284 
481940 9 API calls 95281->95284 95282 4c633d 95282->95248 95287 4c6346 95283->95287 95289 48182c 95283->95289 95286 4813b6 95284->95286 95286->95283 95288 4813ec 95286->95288 95492 4e359c 82 API calls __wsopen_s 95287->95492 95288->95287 95312 481408 __fread_nolock 95288->95312 95290 47aceb 23 API calls 95289->95290 95292 481839 95290->95292 95489 48d217 348 API calls 95292->95489 95293 4817d4 95488 4901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95293->95488 95296 4c636e 95493 4e359c 82 API calls __wsopen_s 95296->95493 95298 48152f 95299 48153c 95298->95299 95300 4c63d1 95298->95300 95301 481940 9 API calls 95299->95301 95495 4f5745 54 API calls _wcslen 95300->95495 95303 481549 95301->95303 95306 4c64fa 95303->95306 95309 481940 9 API calls 95303->95309 95304 48fddb 22 API calls 95304->95312 95305 48fe0b 22 API calls 95305->95312 95316 4c6369 95306->95316 95497 4e359c 82 API calls __wsopen_s 95306->95497 95307 481872 95490 48faeb 23 API calls 95307->95490 95314 481563 95309->95314 95311 47ec40 348 API calls 95311->95312 95312->95292 95312->95296 95312->95298 95312->95304 95312->95305 95312->95311 95313 4c63b2 95312->95313 95312->95316 95494 4e359c 82 API calls __wsopen_s 95313->95494 95314->95306 95319 4815c7 messages 95314->95319 95496 47a8c7 22 API calls __fread_nolock 95314->95496 95316->95248 95318 481940 9 API calls 95318->95319 95319->95306 95319->95307 95319->95316 95319->95318 95321 48167b messages 95319->95321 95452 4fab67 95319->95452 95455 4fabf7 95319->95455 95460 48f645 95319->95460 95467 4e5c5a 95319->95467 95472 501591 95319->95472 95475 4fa2ea 95319->95475 95320 48171d 95320->95248 95321->95320 95480 48ce17 22 API calls messages 95321->95480 95669 47adf0 95329->95669 95331 47bf9d 95332 4c04b6 95331->95332 95333 47bfa9 95331->95333 95687 4e359c 82 API calls __wsopen_s 95332->95687 95335 4c04c6 95333->95335 95336 47c01e 95333->95336 95688 4e359c 82 API calls __wsopen_s 95335->95688 95674 47ac91 95336->95674 95340 47c7da 95344 
48fe0b 22 API calls 95340->95344 95341 4d7120 22 API calls 95372 47c039 __fread_nolock messages 95341->95372 95351 47c808 __fread_nolock 95344->95351 95347 4c04f5 95349 4c055a 95347->95349 95689 48d217 348 API calls 95347->95689 95386 47c603 95349->95386 95690 4e359c 82 API calls __wsopen_s 95349->95690 95350 47ec40 348 API calls 95350->95372 95353 48fe0b 22 API calls 95351->95353 95352 4c091a 95699 4e3209 23 API calls 95352->95699 95371 47c350 __fread_nolock messages 95353->95371 95354 47af8a 22 API calls 95354->95372 95357 4c08a5 95358 47ec40 348 API calls 95357->95358 95360 4c08cf 95358->95360 95360->95386 95697 47a81b 41 API calls 95360->95697 95361 4c0591 95691 4e359c 82 API calls __wsopen_s 95361->95691 95362 4c08f6 95698 4e359c 82 API calls __wsopen_s 95362->95698 95367 47c3ac 95367->95248 95368 47aceb 23 API calls 95368->95372 95369 47c237 95370 47c253 95369->95370 95700 47a8c7 22 API calls __fread_nolock 95369->95700 95374 4c0976 95370->95374 95379 47c297 messages 95370->95379 95371->95367 95686 48ce17 22 API calls messages 95371->95686 95372->95340 95372->95341 95372->95347 95372->95349 95372->95350 95372->95351 95372->95352 95372->95354 95372->95357 95372->95361 95372->95362 95372->95368 95372->95369 95375 48fddb 22 API calls 95372->95375 95378 4c09bf 95372->95378 95382 47bbe0 40 API calls 95372->95382 95385 48fe0b 22 API calls 95372->95385 95372->95386 95678 47ad81 95372->95678 95692 4d7099 22 API calls __fread_nolock 95372->95692 95693 4f5745 54 API calls _wcslen 95372->95693 95694 48aa42 22 API calls messages 95372->95694 95695 4df05c 40 API calls 95372->95695 95696 47a993 41 API calls 95372->95696 95377 47aceb 23 API calls 95374->95377 95375->95372 95377->95378 95378->95386 95701 4e359c 82 API calls __wsopen_s 95378->95701 95379->95378 95380 47aceb 23 API calls 95379->95380 95381 47c335 95380->95381 95381->95378 95383 47c342 95381->95383 95382->95372 95685 47a704 22 API calls messages 95383->95685 95385->95372 95386->95248 95389 48ee12 95387->95389 
95390 48ee09 95387->95390 95388 48ee36 IsDialogMessageW 95388->95389 95388->95390 95389->95388 95389->95390 95391 4cefaf GetClassLongW 95389->95391 95390->95248 95391->95388 95391->95389 95392->95248 95393->95248 95394->95248 95395->95248 95396->95248 95397->95255 95398->95255 95399->95255 95711 4ddef7 95400->95711 95402 4dd529 Process32NextW 95403 4dd5db CloseHandle 95402->95403 95409 4dd522 95402->95409 95403->95255 95404 47a961 22 API calls 95404->95409 95405 479cb3 22 API calls 95405->95409 95409->95402 95409->95403 95409->95404 95409->95405 95717 47525f 22 API calls 95409->95717 95718 476350 22 API calls 95409->95718 95719 48ce60 41 API calls 95409->95719 95411 47ec40 348 API calls 95410->95411 95428 47d29d 95411->95428 95412 4c1bc4 95451 4e359c 82 API calls __wsopen_s 95412->95451 95414 47d30b messages 95414->95269 95415 47d6d5 95415->95414 95426 48fe0b 22 API calls 95415->95426 95416 47d3c3 95416->95415 95417 47d3ce 95416->95417 95419 48fddb 22 API calls 95417->95419 95418 47d5ff 95420 47d614 95418->95420 95421 4c1bb5 95418->95421 95431 47d3d5 __fread_nolock 95419->95431 95423 48fddb 22 API calls 95420->95423 95450 4f5705 23 API calls 95421->95450 95422 47d4b8 95427 48fe0b 22 API calls 95422->95427 95434 47d46a 95423->95434 95425 48fddb 22 API calls 95425->95428 95426->95431 95437 47d429 __fread_nolock messages 95427->95437 95428->95412 95428->95414 95428->95415 95428->95416 95428->95422 95428->95425 95428->95437 95429 48fddb 22 API calls 95430 47d3f6 95429->95430 95430->95437 95443 47bec0 348 API calls 95430->95443 95431->95429 95431->95430 95433 4c1ba4 95449 4e359c 82 API calls __wsopen_s 95433->95449 95434->95269 95437->95418 95437->95433 95437->95434 95438 4c1b7f 95437->95438 95440 4c1b5d 95437->95440 95444 471f6f 95437->95444 95448 4e359c 82 API calls __wsopen_s 95438->95448 95447 4e359c 82 API calls __wsopen_s 95440->95447 95442->95271 95443->95437 95445 47ec40 348 API calls 95444->95445 95446 471f98 95445->95446 95446->95437 95447->95434 95448->95434 
95449->95434 95450->95412 95451->95414 95498 4faff9 95452->95498 95456 4faff9 217 API calls 95455->95456 95458 4fac0c 95456->95458 95457 4fac54 95457->95319 95458->95457 95459 47aceb 23 API calls 95458->95459 95459->95457 95461 47b567 39 API calls 95460->95461 95462 48f659 95461->95462 95463 4cf2dc Sleep 95462->95463 95464 48f661 timeGetTime 95462->95464 95465 47b567 39 API calls 95464->95465 95466 48f677 95465->95466 95466->95319 95468 477510 53 API calls 95467->95468 95469 4e5c6d 95468->95469 95653 4ddbbe lstrlenW 95469->95653 95471 4e5c77 95471->95319 95658 502ad8 95472->95658 95474 50159f 95474->95319 95476 477510 53 API calls 95475->95476 95477 4fa306 95476->95477 95478 4dd4dc 47 API calls 95477->95478 95479 4fa315 95478->95479 95479->95319 95480->95321 95481->95280 95483 479cc2 _wcslen 95482->95483 95484 48fe0b 22 API calls 95483->95484 95485 479cea __fread_nolock 95484->95485 95486 48fddb 22 API calls 95485->95486 95487 479d00 95486->95487 95487->95293 95488->95283 95489->95307 95490->95307 95491->95282 95492->95316 95493->95316 95494->95316 95495->95314 95496->95319 95497->95316 95499 4fb01d ___scrt_fastfail 95498->95499 95500 4fb058 95499->95500 95501 4fb094 95499->95501 95619 47b567 95500->95619 95503 47b567 39 API calls 95501->95503 95507 4fb08b 95501->95507 95506 4fb0a5 95503->95506 95504 4fb063 95504->95507 95511 47b567 39 API calls 95504->95511 95510 47b567 39 API calls 95506->95510 95508 47b567 39 API calls 95507->95508 95512 4fb0ed 95507->95512 95508->95512 95510->95507 95514 4fb078 95511->95514 95589 477510 95512->95589 95516 47b567 39 API calls 95514->95516 95515 4fb115 95517 4fb11f 95515->95517 95518 4fb1d8 95515->95518 95516->95507 95520 477510 53 API calls 95517->95520 95519 4fb20a GetCurrentDirectoryW 95518->95519 95521 477510 53 API calls 95518->95521 95522 48fe0b 22 API calls 95519->95522 95523 4fb130 95520->95523 95524 4fb1ef 95521->95524 95525 4fb22f GetCurrentDirectoryW 95522->95525 95526 477620 22 API calls 95523->95526 95527 477620 22 
API calls 95524->95527 95528 4fb23c 95525->95528 95529 4fb13a 95526->95529 95530 4fb1f9 _wcslen 95527->95530 95532 4fb275 95528->95532 95624 479c6e 22 API calls 95528->95624 95531 477510 53 API calls 95529->95531 95530->95519 95530->95532 95533 4fb14b 95531->95533 95540 4fb28b 95532->95540 95541 4fb287 95532->95541 95535 477620 22 API calls 95533->95535 95537 4fb155 95535->95537 95536 4fb255 95625 479c6e 22 API calls 95536->95625 95539 477510 53 API calls 95537->95539 95543 4fb166 95539->95543 95627 4e07c0 10 API calls 95540->95627 95545 4fb39a CreateProcessW 95541->95545 95546 4fb2f8 95541->95546 95542 4fb265 95626 479c6e 22 API calls 95542->95626 95548 477620 22 API calls 95543->95548 95588 4fb32f _wcslen 95545->95588 95630 4d11c8 39 API calls 95546->95630 95551 4fb170 95548->95551 95549 4fb294 95628 4e06e6 10 API calls 95549->95628 95554 4fb1a6 GetSystemDirectoryW 95551->95554 95558 477510 53 API calls 95551->95558 95553 4fb2fd 95556 4fb32a 95553->95556 95557 4fb323 95553->95557 95560 48fe0b 22 API calls 95554->95560 95555 4fb2aa 95629 4e05a7 8 API calls 95555->95629 95632 4d14ce 6 API calls 95556->95632 95631 4d1201 128 API calls 2 library calls 95557->95631 95562 4fb187 95558->95562 95565 4fb1cb GetSystemDirectoryW 95560->95565 95567 477620 22 API calls 95562->95567 95564 4fb2d0 95564->95541 95565->95528 95566 4fb328 95566->95588 95570 4fb191 _wcslen 95567->95570 95568 4fb42f CloseHandle 95571 4fb43f 95568->95571 95581 4fb49a 95568->95581 95569 4fb3d6 GetLastError 95580 4fb41a 95569->95580 95570->95528 95570->95554 95573 4fb446 CloseHandle 95571->95573 95574 4fb451 95571->95574 95573->95574 95576 4fb458 CloseHandle 95574->95576 95577 4fb463 95574->95577 95575 4fb4a6 95575->95580 95576->95577 95578 4fb46a CloseHandle 95577->95578 95579 4fb475 95577->95579 95578->95579 95633 4e09d9 34 API calls 95579->95633 95616 4e0175 95580->95616 95581->95575 95586 4fb4d2 CloseHandle 95581->95586 95585 4fb486 95634 4fb536 25 API calls 95585->95634 95586->95580 95588->95568 
95588->95569 95590 477525 95589->95590 95606 477522 95589->95606 95591 47752d 95590->95591 95592 47755b 95590->95592 95635 4951c6 26 API calls 95591->95635 95594 47756d 95592->95594 95601 4b50f6 95592->95601 95603 4b500f 95592->95603 95636 48fb21 51 API calls 95594->95636 95595 47753d 95600 48fddb 22 API calls 95595->95600 95598 4b510e 95598->95598 95602 477547 95600->95602 95638 495183 26 API calls 95601->95638 95604 479cb3 22 API calls 95602->95604 95605 48fe0b 22 API calls 95603->95605 95611 4b5088 95603->95611 95604->95606 95607 4b5058 95605->95607 95612 477620 95606->95612 95608 48fddb 22 API calls 95607->95608 95609 4b507f 95608->95609 95610 479cb3 22 API calls 95609->95610 95610->95611 95637 48fb21 51 API calls 95611->95637 95613 47762a _wcslen 95612->95613 95614 48fe0b 22 API calls 95613->95614 95615 47763f 95614->95615 95615->95515 95639 4e030f 95616->95639 95620 47b578 95619->95620 95621 47b57f 95619->95621 95620->95621 95652 4962d1 39 API calls 95620->95652 95621->95504 95623 47b5c2 95623->95504 95624->95536 95625->95542 95626->95532 95627->95549 95628->95555 95629->95564 95630->95553 95631->95566 95632->95588 95633->95585 95634->95581 95635->95595 95636->95595 95637->95601 95638->95598 95640 4e0329 95639->95640 95641 4e0321 CloseHandle 95639->95641 95642 4e032e CloseHandle 95640->95642 95643 4e0336 95640->95643 95641->95640 95642->95643 95644 4e033b CloseHandle 95643->95644 95645 4e0343 95643->95645 95644->95645 95646 4e0348 CloseHandle 95645->95646 95647 4e0350 95645->95647 95646->95647 95648 4e035d 95647->95648 95649 4e0355 CloseHandle 95647->95649 95650 4e017d 95648->95650 95651 4e0362 CloseHandle 95648->95651 95649->95648 95650->95319 95651->95650 95652->95623 95654 4ddbdc GetFileAttributesW 95653->95654 95655 4ddc06 95653->95655 95654->95655 95656 4ddbe8 FindFirstFileW 95654->95656 95655->95471 95656->95655 95657 4ddbf9 FindClose 95656->95657 95657->95655 95659 47aceb 23 API calls 95658->95659 95660 502af3 95659->95660 95661 502b1d 95660->95661 
95662 502aff 95660->95662 95663 476b57 22 API calls 95661->95663 95664 477510 53 API calls 95662->95664 95667 502b1b 95663->95667 95665 502b0c 95664->95665 95665->95667 95668 47a8c7 22 API calls __fread_nolock 95665->95668 95667->95474 95668->95667 95670 47ae01 95669->95670 95673 47ae1c messages 95669->95673 95671 47aec9 22 API calls 95670->95671 95672 47ae09 CharUpperBuffW 95671->95672 95672->95673 95673->95331 95675 47acae 95674->95675 95677 47acd1 95675->95677 95702 4e359c 82 API calls __wsopen_s 95675->95702 95677->95372 95679 4bfadb 95678->95679 95680 47ad92 95678->95680 95681 48fddb 22 API calls 95680->95681 95682 47ad99 95681->95682 95703 47adcd 95682->95703 95685->95371 95686->95371 95687->95335 95688->95386 95689->95349 95690->95386 95691->95386 95692->95372 95693->95372 95694->95372 95695->95372 95696->95372 95697->95362 95698->95386 95699->95369 95700->95370 95701->95386 95702->95677 95707 47addd 95703->95707 95704 47adb6 95704->95372 95705 48fddb 22 API calls 95705->95707 95706 47a961 22 API calls 95706->95707 95707->95704 95707->95705 95707->95706 95709 47adcd 22 API calls 95707->95709 95710 47a8c7 22 API calls __fread_nolock 95707->95710 95709->95707 95710->95707 95716 4ddf02 95711->95716 95712 4ddf19 95721 4962fb 39 API calls 95712->95721 95715 4ddf1f 95715->95409 95716->95712 95716->95715 95720 4963b2 GetStringTypeW _strftime 95716->95720 95717->95409 95718->95409 95719->95409 95720->95716 95721->95715 95722 4b2ba5 95723 472b25 95722->95723 95724 4b2baf 95722->95724 95750 472b83 7 API calls 95723->95750 95768 473a5a 95724->95768 95728 4b2bb8 95730 479cb3 22 API calls 95728->95730 95732 4b2bc6 95730->95732 95731 472b2f 95742 472b44 95731->95742 95754 473837 95731->95754 95733 4b2bce 95732->95733 95734 4b2bf5 95732->95734 95775 4733c6 95733->95775 95735 4733c6 22 API calls 95734->95735 95738 4b2bf1 GetForegroundWindow ShellExecuteW 95735->95738 95744 4b2c26 95738->95744 95741 472b5f 95747 472b66 SetCurrentDirectoryW 95741->95747 95742->95741 95764 
4730f2 95742->95764 95744->95741 95746 4b2be7 95748 4733c6 22 API calls 95746->95748 95749 472b7a 95747->95749 95748->95738 95785 472cd4 7 API calls 95750->95785 95752 472b2a 95753 472c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95752->95753 95753->95731 95755 473862 ___scrt_fastfail 95754->95755 95786 474212 95755->95786 95758 4738e8 95760 473906 Shell_NotifyIconW 95758->95760 95761 4b3386 Shell_NotifyIconW 95758->95761 95790 473923 95760->95790 95763 47391c 95763->95742 95765 473154 95764->95765 95766 473104 ___scrt_fastfail 95764->95766 95765->95741 95767 473123 Shell_NotifyIconW 95766->95767 95767->95765 95769 4b1f50 __wsopen_s 95768->95769 95770 473a67 GetModuleFileNameW 95769->95770 95771 479cb3 22 API calls 95770->95771 95772 473a8d 95771->95772 95773 473aa2 23 API calls 95772->95773 95774 473a97 95773->95774 95774->95728 95776 4b30bb 95775->95776 95777 4733dd 95775->95777 95778 48fddb 22 API calls 95776->95778 95821 4733ee 95777->95821 95781 4b30c5 _wcslen 95778->95781 95780 4733e8 95784 476350 22 API calls 95780->95784 95782 48fe0b 22 API calls 95781->95782 95783 4b30fe __fread_nolock 95782->95783 95784->95746 95785->95752 95787 4738b7 95786->95787 95788 4b35a4 95786->95788 95787->95758 95812 4dc874 42 API calls _strftime 95787->95812 95788->95787 95789 4b35ad DestroyIcon 95788->95789 95789->95787 95791 473a13 95790->95791 95792 47393f 95790->95792 95791->95763 95813 476270 95792->95813 95795 4b3393 LoadStringW 95798 4b33ad 95795->95798 95796 47395a 95797 476b57 22 API calls 95796->95797 95799 47396f 95797->95799 95806 473994 ___scrt_fastfail 95798->95806 95819 47a8c7 22 API calls __fread_nolock 95798->95819 95800 4b33c9 95799->95800 95801 47397c 95799->95801 95820 476350 22 API calls 95800->95820 95801->95798 95803 473986 95801->95803 95818 476350 22 API calls 95803->95818 95809 4739f9 Shell_NotifyIconW 95806->95809 95807 4b33d7 95807->95806 95808 4733c6 22 API calls 95807->95808 95810 4b33f9 95808->95810 95809->95791 95811 4733c6 22 API 

Control-flow Graph (function 4742de; graph edge data omitted)
APIs
• GetVersionExW.KERNEL32(?), ref: 0047430D
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
• GetCurrentProcess.KERNEL32(?,0050CB64,00000000,?,?), ref: 00474422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00474429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00474454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00474466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00474474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0047447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 004744A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 55bdf3649aeb081969440312967415890fdb609830571027d165c216cccf0809
• Instruction ID: 38b5b0cebb8407a52276bbb0c40cc39daf9ac26fbec1ada124f2d84ec574bbb8
• Opcode Fuzzy Hash: 55bdf3649aeb081969440312967415890fdb609830571027d165c216cccf0809
• Instruction Fuzzy Hash: 48A1D87A909AD0DFC711CF697C441E57FA46B77348B148C9AD04593B22E328458DFB2E

Control-flow Graph (function 4742a2; graph edge data omitted)
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,004750AA,?,?,00000000,00000000), ref: 004742B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,004750AA,?,?,00000000,00000000), ref: 004742C9
• LoadResource.KERNEL32(?,00000000,?,?,004750AA,?,?,00000000,00000000,?,?,?,?,?,?,00474F20), ref: 004B35BE
• SizeofResource.KERNEL32(?,00000000,?,?,004750AA,?,?,00000000,00000000,?,?,?,?,?,?,00474F20), ref: 004B35D3
• LockResource.KERNEL32(004750AA,?,?,004750AA,?,?,00000000,00000000,?,?,?,?,?,?,00474F20,?), ref: 004B35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 02cbea129d40cec1840ce67efd5e54ec23ee4debfddf26cd7a74e251ebb535d0
• Instruction ID: a50310e41109989142ec7f141a36499ea878d2efb338b89f3a51eda675e10915
• Opcode Fuzzy Hash: 02cbea129d40cec1840ce67efd5e54ec23ee4debfddf26cd7a74e251ebb535d0
• Instruction Fuzzy Hash: 2B117C74200701BFD7218B65DC48F6B7FB9EBD6B91F2082AAF40696690DB71D8149A20

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00472B6B
  • Part of subcall function 00473A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00541418,?,00472E7F,?,?,?,00000000), ref: 00473A78
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00532224), ref: 004B2C10
• ShellExecuteW.SHELL32(00000000,?,?,00532224), ref: 004B2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 862285e85e33ae30e9849dc655383739dd7338d61dc853031a6eb2f58f7f891b
• Instruction ID: eeb95db0f1dd67f40fc99da9236fee8e1832e8eb9313fa4633815ff096e45738
• Opcode Fuzzy Hash: 862285e85e33ae30e9849dc655383739dd7338d61dc853031a6eb2f58f7f891b
• Instruction Fuzzy Hash: C311E7311083015ACB14FF21D9529EE7BA4ABA1749F04941FF04A120A2DF78994EE71A

Control-flow Graph (basic blocks and edges, as recovered from the graph data)
• 1446: 4dd4dc-4dd524  CreateToolhelp32Snapshot, Process32FirstW, call 4ddef7
• 1449: 4dd5d2-4dd5d5  -> 1450, 1451
• 1450: 4dd529-4dd538  Process32NextW  -> 1451, 1452
• 1451: 4dd5db-4dd5ea  CloseHandle
• 1452: 4dd53e-4dd5ad  call 47a961 (x2), call 479cb3, call 47525f, call 47988f, call 476350, call 48ce60  -> 1467, 1468
• 1467: 4dd5af-4dd5b1  -> 1469, 1470
• 1468: 4dd5b7-4dd5be  -> 1469
• 1469: 4dd5c0-4dd5cd  call 47988f (x2)  -> 1449
• 1470: 4dd5b3-4dd5b5  -> 1468, 1469
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 004DD501
• Process32FirstW.KERNEL32(00000000,?), ref: 004DD50F
• Process32NextW.KERNEL32(00000000,?), ref: 004DD52F
• CloseHandle.KERNELBASE(00000000), ref: 004DD5DC
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: a23138a8d1c6da0b0c65617923e18f3dfe5e76e648df3fa20864abcfe0bb9f4c
• Instruction ID: 4985c6153fd8692edfe321a8642b2891cbc369fb4aafb6690c6a4a6df0d6a77f
• Opcode Fuzzy Hash: a23138a8d1c6da0b0c65617923e18f3dfe5e76e648df3fa20864abcfe0bb9f4c
• Instruction Fuzzy Hash: 3D31C471008300AFD300EF54D891EAFBBF8EF99358F14492EF585862A1EB759949CB97

Control-flow Graph (basic blocks and edges, as recovered from the graph data)
• 1474: 4ddbbe-4ddbda  lstrlenW  -> 1475, 1476
• 1475: 4ddbdc-4ddbe6  GetFileAttributesW  -> 1477, 1478
• 1476: 4ddc06  -> 1477
• 1477: 4ddc09-4ddc0d
• 1478: 4ddbe8-4ddbf7  FindFirstFileW  -> 1476, 1479
• 1479: 4ddbf9-4ddc04  FindClose  -> 1477
APIs
• lstrlenW.KERNEL32(?,004B5222), ref: 004DDBCE
• GetFileAttributesW.KERNELBASE(?), ref: 004DDBDD
• FindFirstFileW.KERNEL32(?,?), ref: 004DDBEE
• FindClose.KERNEL32(00000000), ref: 004DDBFA
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 8885e94747f7df804867c6e06065e03534af13a2124c7e3b4c2adc5780b45602
• Instruction ID: e5b800ddae7633de396a2619014e6981c0beefa09c4b651cefb6aefabbcb3632
• Opcode Fuzzy Hash: 8885e94747f7df804867c6e06065e03534af13a2124c7e3b4c2adc5780b45602
• Instruction Fuzzy Hash: 3BF0A03082091057C2206B78AC0E8BF3B6C9F42334F204703F876C22E1EBB45959D69A
APIs
• GetCurrentProcess.KERNEL32(004A28E9,?,00494CBE,004A28E9,005388B8,0000000C,00494E15,004A28E9,00000002,00000000,?,004A28E9), ref: 00494D09
• TerminateProcess.KERNEL32(00000000,?,00494CBE,004A28E9,005388B8,0000000C,00494E15,004A28E9,00000002,00000000,?,004A28E9), ref: 00494D10
• ExitProcess.KERNEL32 ref: 00494D22
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: f2a0bd81915a11ba990cc634bfdd47239e00a7e736dbf3e07ece5a95e0397964
• Instruction ID: 3eb8d316f3a556261b7d418b1fb50ba0a53551462f4b91235093f52fe8f1e205
• Opcode Fuzzy Hash: f2a0bd81915a11ba990cc634bfdd47239e00a7e736dbf3e07ece5a95e0397964
• Instruction Fuzzy Hash: F5E04631010108ABCF21AF10DD09E893F29FB96785B008629FC048A222CB39DD42DA84
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BuffCharUpper
                                                                                                                                                                                                                                                    • String ID: p#T
                                                                                                                                                                                                                                                    • API String ID: 3964851224-2032096206
                                                                                                                                                                                                                                                    • Opcode ID: f9f72ee09b758e4c7477bd744653cfc7378805bc29faa59361e41dc13b90c3de
                                                                                                                                                                                                                                                    • Instruction ID: d853d8f2dcdc096f18d4d945bfe70766b5d48d7e8db380b734550809178ac77f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9f72ee09b758e4c7477bd744653cfc7378805bc29faa59361e41dc13b90c3de
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BDA26CB4608301DFC764DF15C480B6AB7E1BF89304F14896EE99A8B352D739EC45CB9A

Control-flow Graph

APIs
• _wcslen.LIBCMT ref: 004FB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 004FB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 004FB1D4
• _wcslen.LIBCMT ref: 004FB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 004FB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 004FB236
• _wcslen.LIBCMT ref: 004FB332
  • Part of subcall function 004E05A7: GetStdHandle.KERNEL32(000000F6), ref: 004E05C6
• _wcslen.LIBCMT ref: 004FB34B
• _wcslen.LIBCMT ref: 004FB366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 004FB3B6
• GetLastError.KERNEL32(00000000), ref: 004FB407
• CloseHandle.KERNEL32(?), ref: 004FB439
• CloseHandle.KERNEL32(00000000), ref: 004FB44A
• CloseHandle.KERNEL32(00000000), ref: 004FB45C
• CloseHandle.KERNEL32(00000000), ref: 004FB46E
• CloseHandle.KERNEL32(?), ref: 004FB4E3
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 3289a97a916e101d27b3d0228793d4bde97dbfa2383038d6662aef231c95cef8
• Instruction ID: 8ac4019db47ff4cb286d04a68c8893a0be140390c0f555206c80460e6ea2936d
• Opcode Fuzzy Hash: 3289a97a916e101d27b3d0228793d4bde97dbfa2383038d6662aef231c95cef8
• Instruction Fuzzy Hash: A1F19C315042049FC714EF25C881B6FBBE1EF86318F14855EF9994B2A2CB39EC45CB9A
APIs
• GetInputState.USER32 ref: 0047D807
• timeGetTime.WINMM ref: 0047DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0047DB28
• TranslateMessage.USER32(?), ref: 0047DB7B
• DispatchMessageW.USER32(?), ref: 0047DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0047DB9F
• Sleep.KERNELBASE(0000000A), ref: 0047DBB1
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 517d4e1abd7da48b7963323f5cdfa9fe2b1932309930fe20f22c7576d6f7bf37
• Instruction ID: 744cf91ebe24e79c07cd4b57f8b3efb02f1cf26429e75ddf81fba28d3e511fb6
• Opcode Fuzzy Hash: 517d4e1abd7da48b7963323f5cdfa9fe2b1932309930fe20f22c7576d6f7bf37
• Instruction Fuzzy Hash: 5C42F174A14241DFD728DF25C844FAAB7B0BF86304F14861FE55A87391D7B8E848CB9A

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00472D07
• RegisterClassExW.USER32(00000030), ref: 00472D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00472D42
• InitCommonControlsEx.COMCTL32(?), ref: 00472D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00472D6F
• LoadIconW.USER32(000000A9), ref: 00472D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00472D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                    • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                    • Opcode ID: e5a23d52a9909f217c006a5889e8ef64541eab2d8a1a3e95c1ab570c3c504774
                                                                                                                                                                                                                                                    • Instruction ID: 0ae31cf32d430b6534a6b4b15b9aa6f64e89f969c83dc18db0b182cfbad113d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5a23d52a9909f217c006a5889e8ef64541eab2d8a1a3e95c1ab570c3c504774
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9621F4B5901308AFDB00DFA4EC49BDDBFB4FB1A704F00821AF511A62A0D7B10588EF94

Control-flow Graph
APIs
  • Part of subcall function 004B039A: CreateFileW.KERNELBASE(00000000,00000000,?,004B0704,?,?,00000000,?,004B0704,00000000,0000000C), ref: 004B03B7
• GetLastError.KERNEL32 ref: 004B076F
• __dosmaperr.LIBCMT ref: 004B0776
• GetFileType.KERNELBASE(00000000), ref: 004B0782
• GetLastError.KERNEL32 ref: 004B078C
• __dosmaperr.LIBCMT ref: 004B0795
• CloseHandle.KERNEL32(00000000), ref: 004B07B5
• CloseHandle.KERNEL32(?), ref: 004B08FF
• GetLastError.KERNEL32 ref: 004B0931
• __dosmaperr.LIBCMT ref: 004B0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: cb18f9704d0e1996127e410f90c157245a7c281c3dad1820270281190945ab6b
• Instruction ID: 5f4efc576b4c9747fe8e6d91a40abb87a0b57ef741c15577bbad3ba7bf4656cd
• Opcode Fuzzy Hash: cb18f9704d0e1996127e410f90c157245a7c281c3dad1820270281190945ab6b
• Instruction Fuzzy Hash: BDA14732A101048FDF19AF68D851BEF7BA0AB16324F24019EF811DB3D1CB398916DBA5

Control-flow Graph

APIs
  • Part of subcall function 00473A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00541418,?,00472E7F,?,?,?,00000000), ref: 00473A78
  • Part of subcall function 00473357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00473379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0047356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 004B318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 004B31CE
• RegCloseKey.ADVAPI32(?), ref: 004B3210
• _wcslen.LIBCMT ref: 004B3277
• _wcslen.LIBCMT ref: 004B3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 9fddc2023ad439ceeb70983f3b1b4d7a45f7b3249688bb24e522f98c87393341
• Instruction ID: 316e534060527b257b8257e1c62cb5e65253fc33d60a2de24d3f59d340697fdb
• Opcode Fuzzy Hash: 9fddc2023ad439ceeb70983f3b1b4d7a45f7b3249688bb24e522f98c87393341
• Instruction Fuzzy Hash: B67170714043109EC314EF66DC468EBBBF8FF96748F80492EF549931A0DB389A48DB66

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00472B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00472B9D
• LoadIconW.USER32(00000063), ref: 00472BB3
• LoadIconW.USER32(000000A4), ref: 00472BC5
• LoadIconW.USER32(000000A2), ref: 00472BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00472BEF
• RegisterClassExW.USER32(?), ref: 00472C40
  • Part of subcall function 00472CD4: GetSysColorBrush.USER32(0000000F), ref: 00472D07
  • Part of subcall function 00472CD4: RegisterClassExW.USER32(00000030), ref: 00472D31
  • Part of subcall function 00472CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00472D42
  • Part of subcall function 00472CD4: InitCommonControlsEx.COMCTL32(?), ref: 00472D5F
  • Part of subcall function 00472CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00472D6F
  • Part of subcall function 00472CD4: LoadIconW.USER32(000000A9), ref: 00472D85
  • Part of subcall function 00472CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00472D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                    • Opcode ID: ebd82b6ad2e29d6d53acfab9cdb26f2ed32a34065142ecb78494fcb87d1eddd8
                                                                                                                                                                                                                                                    • Instruction ID: f4b4ccd97fe59358d1e0b2bf1fb23e0834038d8a448a54b33ac119d0bdf1e65b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebd82b6ad2e29d6d53acfab9cdb26f2ed32a34065142ecb78494fcb87d1eddd8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0215E78E40714AFDB109FA5EC45BDD7FB4FB1AB54F00491AF500A66A0D3B10588EF98
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0047BB4E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                    • String ID: p#T$p#T$p#T$p#T$p%T$p%T$x#T$x#T
                                                                                                                                                                                                                                                    • API String ID: 1385522511-3627864947
                                                                                                                                                                                                                                                    • Opcode ID: 9fe439ccb0149b795d24f7c4546e58f2aa85f4399d76fb859de53c6e409e765e
                                                                                                                                                                                                                                                    • Instruction ID: 63780ac5bfc5a33bafd4eaf62c33feb128d5272e5ad74aea98e6119b5aaf307f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fe439ccb0149b795d24f7c4546e58f2aa85f4399d76fb859de53c6e409e765e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3329C74A00219DFDB14DF54C894BFAB7B5EF44304F14805AE919AB361C778AD42CB9A

Control-flow Graph
control_flow_graph 805 473170-473185 806 473187-47318a 805->806 807 4731e5-4731e7 805->807 808 47318c-473193 806->808 809 4731eb 806->809 807->806 810 4731e9 807->810 813 473265-47326d PostQuitMessage 808->813 814 473199-47319e 808->814 811 4b2dfb-4b2e23 call 4718e2 call 48e499 809->811 812 4731f1-4731f6 809->812 815 4731d0-4731d8 DefWindowProcW 810->815 851 4b2e28-4b2e2f 811->851 816 47321d-473244 SetTimer RegisterWindowMessageW 812->816 817 4731f8-4731fb 812->817 822 473219-47321b 813->822 819 4731a4-4731a8 814->819 820 4b2e7c-4b2e90 call 4dbf30 814->820 821 4731de-4731e4 815->821 816->822 826 473246-473251 CreatePopupMenu 816->826 823 473201-47320f KillTimer call 4730f2 817->823 824 4b2d9c-4b2d9f 817->824 827 4b2e68-4b2e72 call 4dc161 819->827 828 4731ae-4731b3 819->828 820->822 844 4b2e96 820->844 822->821 839 473214 call 473c50 823->839 836 4b2da1-4b2da5 824->836 837 4b2dd7-4b2df6 MoveWindow 824->837 826->822 840 4b2e77 827->840 833 4b2e4d-4b2e54 828->833 834 4731b9-4731be 828->834 833->815 838 4b2e5a-4b2e63 call 4d0ad7 833->838 842 4731c4-4731ca 834->842 843 473253-473263 call 47326f 834->843 845 4b2da7-4b2daa 836->845 846 4b2dc6-4b2dd2 SetFocus 836->846 837->822 838->815 839->822 840->822 842->815 842->851 843->822 844->815 845->842 847 4b2db0-4b2dc1 call 4718e2 845->847 846->822 847->822 851->815 855 4b2e35-4b2e48 call 4730f2 call 473837 851->855 855->815
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0047316A,?,?), ref: 004731D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0047316A,?,?), ref: 00473204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00473227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0047316A,?,?), ref: 00473232
• CreatePopupMenu.USER32 ref: 00473246
• PostQuitMessage.USER32(00000000), ref: 00473267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 944a2c847eec0a41369eb9627461898e26a42cd137a49e78abe6f79fbd3a2dce
• Instruction ID: 4aa4644b0e6ef7ec443349bcea01dc1f28db9584bf79f8239d43df9216d3265f
• Opcode Fuzzy Hash: 944a2c847eec0a41369eb9627461898e26a42cd137a49e78abe6f79fbd3a2dce
• Instruction Fuzzy Hash: DC415A35250204A7DB141F788D09BFE3F59E71634AF14821BF50A863A2CB7C9E85B76E

Control-flow Graph
control_flow_graph 861 471410-471449 862 4b24b8-4b24b9 DestroyWindow 861->862 863 47144f-471465 mciSendStringW 861->863 866 4b24c4-4b24d1 862->866 864 4716c6-4716d3 863->864 865 47146b-471473 863->865 868 4716d5-4716f0 UnregisterHotKey 864->868 869 4716f8-4716ff 864->869 865->866 867 471479-471488 call 47182e 865->867 870 4b24d3-4b24d6 866->870 871 4b2500-4b2507 866->871 882 4b250e-4b251a 867->882 883 47148e-471496 867->883 868->869 873 4716f2-4716f3 call 4710d0 868->873 869->865 874 471705 869->874 876 4b24d8-4b24e0 call 476246 870->876 877 4b24e2-4b24e5 FindClose 870->877 871->866 875 4b2509 871->875 873->869 874->864 875->882 881 4b24eb-4b24f8 876->881 877->881 881->871 887 4b24fa-4b24fb call 4e32b1 881->887 884 4b251c-4b251e FreeLibrary 882->884 885 4b2524-4b252b 882->885 888 4b2532-4b253f 883->888 889 47149c-4714c1 call 47cfa0 883->889 884->885 885->882 890 4b252d 885->890 887->871 891 4b2541-4b255e VirtualFree 888->891 892 4b2566-4b256d 888->892 898 4714c3 889->898 899 4714f8-471503 CoUninitialize 889->899 890->888 891->892 895 4b2560-4b2561 call 4e3317 891->895 892->888 896 4b256f 892->896 895->892 903 4b2574-4b2578 896->903 901 4714c6-4714f6 call 471a05 call 4719ae 898->901 902 471509-47150e 899->902 899->903 901->899 905 4b2589-4b2596 call 4e32eb 902->905 906 471514-47151e 902->906 903->902 907 4b257e-4b2584 903->907 919 4b2598 905->919 910 471707-471714 call 48f80e 906->910 911 471524-4715a5 call 47988f call 471944 call 4717d5 call 48fe14 call 47177c call 47988f call 47cfa0 call 4717fe call 48fe14 906->911 907->902 910->911 921 47171a 910->921 923 4b259d-4b25bf call 48fdcd 911->923 951 4715ab-4715cf call 48fe14 911->951 919->923 921->910 930 4b25c1 923->930 933 4b25c6-4b25e8 call 48fdcd 930->933 939 4b25ea 933->939 941 4b25ef-4b2611 call 48fdcd 939->941 947 4b2613 941->947 950 4b2618-4b2625 call 4d64d4 947->950 956 4b2627 950->956 951->933 957 4715d5-4715f9 call 48fe14 951->957 960 4b262c-4b2639 call 48ac64 956->960 961 4715ff-471619 call 48fe14 957->961 966 4b263b 960->966 961->950 967 47161f-471643 call 4717d5 call 48fe14 961->967 968 4b2640-4b264d call 4e3245 966->968 967->960 976 471649-471651 967->976 974 4b264f 968->974 977 4b2654-4b2661 call 4e32cc 974->977 976->968 978 471657-471675 call 47988f call 47190a 976->978 983 4b2663 977->983 978->977 986 47167b-471689 978->986 987 4b2668-4b2675 call 4e32cc 983->987 986->987 988 47168f-4716c5 call 47988f * 3 call 471876 986->988 993 4b2677 987->993 993->993
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00471459
• CoUninitialize.COMBASE ref: 004714F8
• UnregisterHotKey.USER32(?), ref: 004716DD
• DestroyWindow.USER32(?), ref: 004B24B9
• FreeLibrary.KERNEL32(?), ref: 004B251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 004B254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: a64bbfbe54a5891dc634c59412f1a77639e6cf4c525d89ed44652ccf1547a218
• Instruction ID: 41a89fbc42d5556e84abebda765313f4e096d4b46b58066fcd16cb636fe7c44d
• Opcode Fuzzy Hash: a64bbfbe54a5891dc634c59412f1a77639e6cf4c525d89ed44652ccf1547a218
• Instruction Fuzzy Hash: EDD1BF30701212DFCB29EF19C595AA9F7A0BF05704F14869FE44A6B361CB38AD12CF69

Control-flow Graph
control_flow_graph 1010 472c63-472cd3 CreateWindowExW * 2 ShowWindow * 2 (rendered graph image and its Executed/Not Executed legend not recoverable from the page)
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00472C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00472CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00471CAD,?), ref: 00472CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00471CAD,?), ref: 00472CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399

Control-flow Graph
control_flow_graph 1435: basic blocks 473b1c-473b9b; RegOpenKeyExW called in block 473b30-473b48, RegQueryValueExW in block 473b4a-473b69, RegCloseKey in block 473b80-473b8b (rendered graph image, edge layout and Executed/Not Executed legend not recoverable from the page)
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00473B0F,SwapMouseButtons,00000004,?), ref: 00473B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00473B0F,SwapMouseButtons,00000004,?), ref: 00473B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00473B0F,SwapMouseButtons,00000004,?), ref: 00473B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 004B33A2
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00473A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 004B2C8C
  • Part of subcall function 00473AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00473A97,?,?,00472E7F,?,?,?,00000000), ref: 00473AC2
  • Part of subcall function 00472DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00472DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X$`eS
• API String ID: 779396738-1127096306
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00490668
  • Part of subcall function 004932A4: RaiseException.KERNEL32(?,?,?,0049068A,?,00541444,?,?,?,?,?,?,0049068A,00471129,00538738,00471129), ref: 00493304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00490685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
                                                                                                                                                                                                                                                    • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                    • String ID: Unknown exception
                                                                                                                                                                                                                                                    • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                    • Opcode ID: 1e539fcbe0943c93244089ac4b0002628306d7ad3ba3373aaee0ad992b1f67ee
                                                                                                                                                                                                                                                    • Instruction ID: bf368b729c98a388234baf7db640f32c75e647cb4858a24f694c8339daebe3b7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e539fcbe0943c93244089ac4b0002628306d7ad3ba3373aaee0ad992b1f67ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0AF0F4208002087B8F00BAA5D846C9E7FAC6E00314B604437B924C25D1EF79DA1AC688
APIs
  • Part of subcall function 00471BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00471BF4
  • Part of subcall function 00471BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00471BFC
  • Part of subcall function 00471BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00471C07
  • Part of subcall function 00471BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00471C12
  • Part of subcall function 00471BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00471C1A
  • Part of subcall function 00471BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00471C22
  • Part of subcall function 00471B4A: RegisterWindowMessageW.USER32(00000004,?,004712C4), ref: 00471BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0047136A
• OleInitialize.OLE32 ref: 00471388
• CloseHandle.KERNEL32(00000000,00000000), ref: 004B24AB
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 90ebeefa8ccbcc0db1e436228d106909f00f99b2b6ae9fef0e2d63070456ec2f
• Instruction ID: aef96b8be3a904249a29a839edc00e66748b0a34c97371ee012be330b7b45be4
• Opcode Fuzzy Hash: 90ebeefa8ccbcc0db1e436228d106909f00f99b2b6ae9fef0e2d63070456ec2f
• Instruction Fuzzy Hash: 3C71ACBC911A048EC784DF7AE9456D93EE0FBAA34C714862ED51AC7261EB3444C8EF4C
APIs
  • Part of subcall function 00473923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00473A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 004DC259
• KillTimer.USER32(?,00000001,?,?), ref: 004DC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004DC270
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: b1c7bc55cde085d4139779b93c52895bc9c4b7784bc36845d9d282338906f7f9
• Instruction ID: 0178644c7bbf8f887cc7a4d6aa00960d5c0514d943f1126f47ac5871d4b21859
• Opcode Fuzzy Hash: b1c7bc55cde085d4139779b93c52895bc9c4b7784bc36845d9d282338906f7f9
• Instruction Fuzzy Hash: 9931B470904744AFEB328F6488A5BEBBBEC9B17308F0004DFE59A93341C7785A89CB55
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,004A85CC,?,00538CC8,0000000C), ref: 004A8704
• GetLastError.KERNEL32(?,004A85CC,?,00538CC8,0000000C), ref: 004A870E
• __dosmaperr.LIBCMT ref: 004A8739
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: b30ec3d4449974dc85af4beb7790e9c00cba919a7e0c8d418a6f19d9373bd20d
• Instruction ID: 0de42b230528bc897c8caa8f6485e0c15860d8ddc551bb390bbe9aebe1f52711
• Opcode Fuzzy Hash: b30ec3d4449974dc85af4beb7790e9c00cba919a7e0c8d418a6f19d9373bd20d
• Instruction Fuzzy Hash: D2014C3260552026E62063346945B6F2B55CBB3778F38011FEC048B2D2DD6C8C858298
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 0047DB7B
                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0047DB89
                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0047DB9F
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(0000000A), ref: 0047DBB1
                                                                                                                                                                                                                                                    • TranslateAcceleratorW.USER32(?,?,?), ref: 004C1CC9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
APIs
• __Init_thread_footer.LIBCMT ref: 004817F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00473908
Similarity
• API ID: IconNotifyShell_
• String ID:
APIs
• timeGetTime.WINMM ref: 0048F661
  • Part of subcall function 0047D730: GetInputState.USER32 ref: 0047D807
• Sleep.KERNEL32(00000000), ref: 004CF2DE
Similarity
• API ID: InputSleepStateTimetime
• String ID:
APIs
  • Part of subcall function 00474E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00474EDD,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474E9C
  • Part of subcall function 00474E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00474EAE
  • Part of subcall function 00474E90: FreeLibrary.KERNEL32(00000000,?,?,00474EDD,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474EFD
  • Part of subcall function 00474E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004B3CDE,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474E62
  • Part of subcall function 00474E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00474E74
  • Part of subcall function 00474E59: FreeLibrary.KERNEL32(00000000,?,?,004B3CDE,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474E87
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
APIs
• Part of subcall function 004A4C7D: RtlAllocateHeap.NTDLL(00000008,00471129,00000000,?,004A2E29,00000001,00000364,?,?,?,0049F2DE,004A3863,00541444,?,0048FDF5,?), ref: 004A4CBE
• _free.LIBCMT ref: 004A506C
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000008,00471129,00000000,?,004A2E29,00000001,00000364,?,?,?,0049F2DE,004A3863,00541444,?,0048FDF5,?), ref: 004A4CBE
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00541444,?,0048FDF5,?,?,0047A976,00000010,00541440,004713FC,?,004713C6,?,00471129), ref: 004A3852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00502A66
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2353593579-0
                                                                                                                                                                                                                                                    • Opcode ID: df82029118f12b5c3636a87bbc5132bb23920a5fead1a80e3baae0eee75f7794
                                                                                                                                                                                                                                                    • Instruction ID: fc9c2dce26b81ef95f824537ba067d9132064dd6a31871a1ee7633900a217022
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df82029118f12b5c3636a87bbc5132bb23920a5fead1a80e3baae0eee75f7794
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DE0DF72340116AAC720EB31DC948FE7B5CEB50399B00053BBC1BC2240DF34898582A4

APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0047314E
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 141bcc27f4abf33e15025371c508a384dfaa0f1cf7c20cd5c88d9abe6dd1c9c3
• Instruction ID: b9aa83469da997dc6bff7b673a0b5dbbea3b4c5ec1270f9164de52f1f5a659b3
• Opcode Fuzzy Hash: 141bcc27f4abf33e15025371c508a384dfaa0f1cf7c20cd5c88d9abe6dd1c9c3
• Instruction Fuzzy Hash: E6F082709003149FEB629F24DC457DA7BACA70270CF0000E9A54897281DB74478CCB45

APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00472DC4
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: 1b55c2f552a9776e02e9aeed03c20d2a304af208028447565b7db53d28e9bb2c
• Instruction ID: dd6de412b157095009c753d020d2f305b9ec459d6b3e85664be59330c0383658
• Opcode Fuzzy Hash: 1b55c2f552a9776e02e9aeed03c20d2a304af208028447565b7db53d28e9bb2c
• Instruction Fuzzy Hash: 31E07D726001241BC71093588C05FEA77DDDFC8390F000176FC09E3208D964AD80C554

APIs
  • Part of subcall function 00473837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00473908
  • Part of subcall function 0047D730: GetInputState.USER32 ref: 0047D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00472B6B
  • Part of subcall function 004730F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0047314E
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: f59f868c04703730775f0f6804a0a041fe8b2c84d6d8acd7db936c17b92291f2
• Instruction ID: f197e01f7311b9d5e75dbf50eb98323990d525ffdfd494c39375b89a63942b68
• Opcode Fuzzy Hash: f59f868c04703730775f0f6804a0a041fe8b2c84d6d8acd7db936c17b92291f2
• Instruction Fuzzy Hash: E6E0262130024802CA08BF3298124EDAB999BE235EF00953FF04A431A3CF2C4989521A

APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,004B0704,?,?,00000000,?,004B0704,00000000,0000000C), ref: 004B03B7
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c4d217e07b97edcacbedda96fdc7d27ee5055422a3e2069502622cf68fb8400c
• Instruction ID: 72d26cefe72c14ca3f8bf6fa4f5992220bdd40f2e6100744fc98f2519833f12c
• Opcode Fuzzy Hash: c4d217e07b97edcacbedda96fdc7d27ee5055422a3e2069502622cf68fb8400c
• Instruction Fuzzy Hash: F5D06C3204010DBBDF028F84DD06EDA3FAAFB48714F014100BE1856020C732E821EB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00471CBC
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0050961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0050965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0050969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005096C9
• SendMessageW.USER32 ref: 005096F2
• GetKeyState.USER32(00000011), ref: 0050978B
• GetKeyState.USER32(00000009), ref: 00509798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005097AE
• GetKeyState.USER32(00000010), ref: 005097B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005097E9
• SendMessageW.USER32 ref: 00509810
• SendMessageW.USER32(?,00001030,?,00507E95), ref: 00509918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0050992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00509941
• SetCapture.USER32(?), ref: 0050994A
• ClientToScreen.USER32(?,?), ref: 005099AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 005099BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005099D6
• ReleaseCapture.USER32 ref: 005099E1
• GetCursorPos.USER32(?), ref: 00509A19
• ScreenToClient.USER32(?,?), ref: 00509A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00509A80
• SendMessageW.USER32 ref: 00509AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00509AEB
• SendMessageW.USER32 ref: 00509B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00509B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00509B4A
• GetCursorPos.USER32(?), ref: 00509B68
• ScreenToClient.USER32(?,?), ref: 00509B75
• GetParent.USER32(?), ref: 00509B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00509BFA
• SendMessageW.USER32 ref: 00509C2B
• ClientToScreen.USER32(?,?), ref: 00509C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00509CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00509CDE
• SendMessageW.USER32 ref: 00509D01
• ClientToScreen.USER32(?,?), ref: 00509D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00509D82
  • Part of subcall function 00489944: GetWindowLongW.USER32(?,000000EB), ref: 00489952
• GetWindowLongW.USER32(?,000000F0), ref: 00509E05
Strings
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F$p#T
• API String ID: 3429851547-2265911392
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 005048F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00504908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00504927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0050494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0050495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0050497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 005049AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 005049D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00504A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00504A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00504A7E
• IsMenu.USER32(?), ref: 00504A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00504AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00504B20
• GetWindowLongW.USER32(?,000000F0), ref: 00504B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00504BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00504C82
• wsprintfW.USER32 ref: 00504CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00504CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00504CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00504D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00504D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00504D5A
Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                    • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                    • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                    • Opcode ID: cce4d18b31efd902197fc81901b57017da8079a7a82d49220a71b88c729fae38
                                                                                                                                                                                                                                                    • Instruction ID: 759005c288b41ad39d2ed28a15d9d4af3f355c76c05448918c3a50a40602d6c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cce4d18b31efd902197fc81901b57017da8079a7a82d49220a71b88c729fae38
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E812EEB1600205ABEB249F28CD49FAE7FB8FF85314F104629FA15EA2E1DB749945CF50
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0048F998
                                                                                                                                                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004CF474
                                                                                                                                                                                                                                                    • IsIconic.USER32(00000000), ref: 004CF47D
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000009), ref: 004CF48A
                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 004CF494
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004CF4AA
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 004CF4B1
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004CF4BD
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 004CF4CE
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 004CF4D6
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 004CF4DE
                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 004CF4E1
                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004CF4F6
                                                                                                                                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 004CF501
                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004CF50B
                                                                                                                                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 004CF510
                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004CF519
                                                                                                                                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 004CF51E
                                                                                                                                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004CF528
                                                                                                                                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 004CF52D
                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 004CF530
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,000000FF,00000000), ref: 004CF557
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                    • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                    • Opcode ID: 1f506f47616cb971d3f7813fb3b4aa04fa43975414dee1ec04c175d56d904706
                                                                                                                                                                                                                                                    • Instruction ID: f1b214ad4fc0bc4b8529a24d8936e3aba309b6096e04516cfc95db0ac848fe8b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f506f47616cb971d3f7813fb3b4aa04fa43975414dee1ec04c175d56d904706
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B319075A40218BFEB306FB54C4AFBF7E6DEB45B50F10012AFA00E61D1C7B55D04AAA5
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004D170D
                                                                                                                                                                                                                                                      • Part of subcall function 004D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004D173A
                                                                                                                                                                                                                                                      • Part of subcall function 004D16C3: GetLastError.KERNEL32 ref: 004D174A
                                                                                                                                                                                                                                                    • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 004D1286
                                                                                                                                                                                                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 004D12A8
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 004D12B9
                                                                                                                                                                                                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004D12D1
                                                                                                                                                                                                                                                    • GetProcessWindowStation.USER32 ref: 004D12EA
                                                                                                                                                                                                                                                    • SetProcessWindowStation.USER32(00000000), ref: 004D12F4
                                                                                                                                                                                                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004D1310
                                                                                                                                                                                                                                                      • Part of subcall function 004D10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004D11FC), ref: 004D10D4
                                                                                                                                                                                                                                                      • Part of subcall function 004D10BF: CloseHandle.KERNEL32(?,?,004D11FC), ref: 004D10E9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                    • String ID: $default$winsta0$ZS
                                                                                                                                                                                                                                                    • API String ID: 22674027-27793362
                                                                                                                                                                                                                                                    • Opcode ID: 88030a01de5b315efd3df3e52fb087b788bfd85162506c6df00ce0c6d587a5f8
                                                                                                                                                                                                                                                    • Instruction ID: 6dbca37d1f53ef13dfd402accb93674e6fa1f7e4115bcbcfa2c7fc03393b0a3b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88030a01de5b315efd3df3e52fb087b788bfd85162506c6df00ce0c6d587a5f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE817871900208BBDF219FA4DC59BEF7BB9AF05708F14422BF910A62A0D7798945DB68
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 004D1114
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D1120
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D112F
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D1136
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 004D114D
                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 004D0BCC
                                                                                                                                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004D0C00
                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 004D0C17
                                                                                                                                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 004D0C51
                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004D0C6D
                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 004D0C84
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 004D0C8C
• HeapAlloc.KERNEL32(00000000), ref: 004D0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 004D0CB4
• CopySid.ADVAPI32(00000000), ref: 004D0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004D0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004D0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 004D0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D0D45
• HeapFree.KERNEL32(00000000), ref: 004D0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D0D55
• HeapFree.KERNEL32(00000000), ref: 004D0D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D0D65
• HeapFree.KERNEL32(00000000), ref: 004D0D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 004D0D78
• HeapFree.KERNEL32(00000000), ref: 004D0D7F
  • Part of subcall function 004D1193: GetProcessHeap.KERNEL32(00000008,004D0BB1,?,00000000,?,004D0BB1,?), ref: 004D11A1
  • Part of subcall function 004D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,004D0BB1,?), ref: 004D11A8
  • Part of subcall function 004D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,004D0BB1,?), ref: 004D11B7
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: cd1e4914347315c1ff27775724d6519db4c548c7789da346ac6c8b5c68223693
• Instruction ID: 1cc5f6b24425ba2fc263965423e05156a95a01f3cbf3272432773e1b3ee11b40
• Opcode Fuzzy Hash: cd1e4914347315c1ff27775724d6519db4c548c7789da346ac6c8b5c68223693
• Instruction Fuzzy Hash: 3D717A7290020AAFDF10DFA4DD58BAFBBB9BF16700F044617E914A7391D779AA05CB60
APIs
• OpenClipboard.USER32(0050CC08), ref: 004EEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 004EEB37
• GetClipboardData.USER32(0000000D), ref: 004EEB43
• CloseClipboard.USER32 ref: 004EEB4F
• GlobalLock.KERNEL32(00000000), ref: 004EEB87
• CloseClipboard.USER32 ref: 004EEB91
• GlobalUnlock.KERNEL32(00000000), ref: 004EEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 004EEBC9
• GetClipboardData.USER32(00000001), ref: 004EEBD1
• GlobalLock.KERNEL32(00000000), ref: 004EEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 004EEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 004EEC38
• GetClipboardData.USER32(0000000F), ref: 004EEC44
• GlobalLock.KERNEL32(00000000), ref: 004EEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 004EEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 004EEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 004EECD2
• GlobalUnlock.KERNEL32(00000000), ref: 004EECF3
• CountClipboardFormats.USER32 ref: 004EED14
• CloseClipboard.USER32 ref: 004EED59
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 8485c57ac56f2b723c7628ef08ecd1946009e144cf703271fe81130e0c83218b
• Instruction ID: ae5502adcea6aabae1b819fae05a6f0e222cfd7aaa0fc68ecc1194e08b414eed
• Opcode Fuzzy Hash: 8485c57ac56f2b723c7628ef08ecd1946009e144cf703271fe81130e0c83218b
• Instruction Fuzzy Hash: EF6111342042429FD310EF26C884F7E7BA4AF95705F04465EF456872A2CB39ED0ADB66
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004E69BE
• FindClose.KERNEL32(00000000), ref: 004E6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004E6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004E6A75
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 004E6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 004E6ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 3165a6dee612ada23247403c85f41c440985c896128c34a113189a53e5efb45d
• Instruction ID: ce33c415656137898d939a2ae3ce9ec260c19077486d1454fdac05427a2d5879
• Opcode Fuzzy Hash: 3165a6dee612ada23247403c85f41c440985c896128c34a113189a53e5efb45d
• Instruction Fuzzy Hash: 8ED15271508340AFC710EBA5C881EAFB7ECAF99708F44491EF589C7191EB78DA48C766
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 004E9663
• GetFileAttributesW.KERNEL32(?), ref: 004E96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 004E96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 004E96D3
• FindClose.KERNEL32(00000000), ref: 004E96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 004E96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 004E974A
• SetCurrentDirectoryW.KERNEL32(00536B7C), ref: 004E9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 004E9772
• FindClose.KERNEL32(00000000), ref: 004E977F
• FindClose.KERNEL32(00000000), ref: 004E978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 004E97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 004E9819
• FindClose.KERNEL32(00000000), ref: 004E9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 004E9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 004E9890
• SetCurrentDirectoryW.KERNEL32(00536B7C), ref: 004E98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 004E98B8
• FindClose.KERNEL32(00000000), ref: 004E98C5
• FindClose.KERNEL32(00000000), ref: 004E98D5
  • Part of subcall function 004DDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 004DDB00
Strings
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
APIs
  • Part of subcall function 004FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,004FB6AE,?,?), ref: 004FC9B5
  • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FC9F1
  • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA68
  • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004FBF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 004FBFA9
• RegCloseKey.ADVAPI32(00000000), ref: 004FBFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004FC02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 004FC0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 004FC154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 004FC1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 004FC23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 004FC2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 004FC382
• RegCloseKey.ADVAPI32(00000000), ref: 004FC38F
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
APIs
• GetLocalTime.KERNEL32(?), ref: 004E8257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 004E8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 004E8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 004E8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 004E8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 004E8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 004E838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 004E8395
Strings
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00473AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00473A97,?,?,00472E7F,?,?,?,00000000), ref: 00473AC2
                                                                                                                                                                                                                                                      • Part of subcall function 004DE199: GetFileAttributesW.KERNEL32(?,004DCF95), ref: 004DE19A
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 004DD122
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 004DD1DD
                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 004DD1F0
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 004DD20D
                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 004DD237
                                                                                                                                                                                                                                                      • Part of subcall function 004DD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,004DD21C,?,?), ref: 004DD2B2
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 004DD253
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 004DD264
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                    • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                    • Opcode ID: c8c081ead745a3dbf65270191348c0eb457367899390e31df7082280f3fb7113
                                                                                                                                                                                                                                                    • Instruction ID: 89d319a7b1196f65f0293633fcb7ffa77c3190f420668c9c9892966151d9edb5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8c081ead745a3dbf65270191348c0eb457367899390e31df7082280f3fb7113
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E61AF31C0110D9ACF05EBE1CDA29EEB7B5AF55304F2481ABE40677291EB385F09DB65
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1737998785-0
                                                                                                                                                                                                                                                    • Opcode ID: 5b6191954b263f3ff1ef4111f0d0d843cf8466cd7c96ffe880349795000d33a4
                                                                                                                                                                                                                                                    • Instruction ID: b3da2898fd92c4b72cef94944a404745a11c0a668cae205ba2ddb26717e2146c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b6191954b263f3ff1ef4111f0d0d843cf8466cd7c96ffe880349795000d33a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6941EF34604651AFD320CF1AD888F5ABBE1EF45319F14C19EE4598B7A2C73AEC46CB84
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004D170D
                                                                                                                                                                                                                                                      • Part of subcall function 004D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004D173A
                                                                                                                                                                                                                                                      • Part of subcall function 004D16C3: GetLastError.KERNEL32 ref: 004D174A
                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 004DE932
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                    • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                    • Opcode ID: 8e760592ee4b2606073bec2327384fb83b7416f76266be6ebc7b90429b794341
                                                                                                                                                                                                                                                    • Instruction ID: 04583a36d6a5a455aba12b14367503feff94a004c0303dfb72cc41b193c2a086
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e760592ee4b2606073bec2327384fb83b7416f76266be6ebc7b90429b794341
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 530126B2611211BBEB1433B69CBAFBF769CA714744F140967FC03E63E2D5A85C448198
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 004F1276
                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 004F1283
                                                                                                                                                                                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 004F12BA
                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 004F12C5
                                                                                                                                                                                                                                                    • closesocket.WSOCK32(00000000), ref: 004F12F4
                                                                                                                                                                                                                                                    • listen.WSOCK32(00000000,00000005), ref: 004F1303
                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 004F130D
                                                                                                                                                                                                                                                    • closesocket.WSOCK32(00000000), ref: 004F133C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 540024437-0
                                                                                                                                                                                                                                                    • Opcode ID: bae9789fa87d7dcb4e10e1a3695e5df80de6cabc9c83be3cedc7a412b532d6f8
• Instruction ID: 547bb06de2073c3097ee85def4ad4b4f0420a055d1557bfd7b00d8e3df4859a3
• Opcode Fuzzy Hash: bae9789fa87d7dcb4e10e1a3695e5df80de6cabc9c83be3cedc7a412b532d6f8
• Instruction Fuzzy Hash: EE41AD30600104DFD710DF64C488B2ABBE5AF46318F19818AE9569F3E2C735EC85CBA5
APIs
  • Part of subcall function 00473AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00473A97,?,?,00472E7F,?,?,?,00000000), ref: 00473AC2
  • Part of subcall function 004DE199: GetFileAttributesW.KERNEL32(?,004DCF95), ref: 004DE19A
• FindFirstFileW.KERNEL32(?,?), ref: 004DD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 004DD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 004DD481
• FindClose.KERNEL32(00000000), ref: 004DD498
• FindClose.KERNEL32(00000000), ref: 004DD4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 533ccbed7ba58bbd43419bd8d63a1f6138459ca1f4bd0b6d4efb5edfd0087357
• Instruction ID: df30adc7f7ee44bdd5387b3873a3e00f19f612a513bd988f70e0bbce1c9e2876
• Opcode Fuzzy Hash: 533ccbed7ba58bbd43419bd8d63a1f6138459ca1f4bd0b6d4efb5edfd0087357
• Instruction Fuzzy Hash: 733172714183459BC300EF65C8528EF77A8AEA2308F448E1FF4D552291EB38AA1DD76B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: aa1f74930eb6007da51bab4db76c188fa97d478a9eb460f5aa7ef42602ff3ccb
• Instruction ID: 7284ac4cba3b7f77139319a45079c13eab2b619fc6b501948f1dfe71919fbd6c
• Opcode Fuzzy Hash: aa1f74930eb6007da51bab4db76c188fa97d478a9eb460f5aa7ef42602ff3ccb
• Instruction Fuzzy Hash: BBC26B71E086288FDB24CE69DD407EAB7B5EB6A304F1441EBD41DE7240E778AE858F44
APIs
• _wcslen.LIBCMT ref: 004E64DC
• CoInitialize.OLE32(00000000), ref: 004E6639
• CoCreateInstance.OLE32(0050FCF8,00000000,00000001,0050FB68,?), ref: 004E6650
• CoUninitialize.OLE32 ref: 004E68D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: ba600c10beb860ea7e1c794c70939e6440d4fa4d89ecfaeb20617096c159b9b8
• Instruction ID: 6c2a79e292524704cc66534d34339a15aa53b4e4f1a4e8e715daeaa0a8d007a1
• Opcode Fuzzy Hash: ba600c10beb860ea7e1c794c70939e6440d4fa4d89ecfaeb20617096c159b9b8
• Instruction Fuzzy Hash: 54D15C71608241AFC314EF25C881DABB7E9FF95348F00896EF5998B291DB34ED05CB96
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 004F22E8
  • Part of subcall function 004EE4EC: GetWindowRect.USER32(?,?), ref: 004EE504
• GetDesktopWindow.USER32 ref: 004F2312
• GetWindowRect.USER32(00000000), ref: 004F2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 004F2355
• GetCursorPos.USER32(?), ref: 004F2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 004F23DF
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 927c8f39924af614e15a11a39e9b286ed52f35718331ef746d3b1e3d6ed3429d
• Instruction ID: 442470e2cb7f721247ec17d8b216e9adbe1381a203e27ef9f5735cdae91f261b
• Opcode Fuzzy Hash: 927c8f39924af614e15a11a39e9b286ed52f35718331ef746d3b1e3d6ed3429d
• Instruction Fuzzy Hash: DF31D2B25053199FC720DF25C845F6BBBA9FF85314F000A1EF98597291D778EA08CB96
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 004E9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 004E9C8B
  • Part of subcall function 004E3874: GetInputState.USER32 ref: 004E38CB
  • Part of subcall function 004E3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004E3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 004E9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 004E9C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
                                                                                                                                                                                                                                                    • API String ID: 1972594611-438819550
APIs
  • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00489A4E
• GetSysColor.USER32(0000000F), ref: 00489B23
• SetBkColor.GDI32(?,00000000), ref: 00489B36
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
APIs
  • Part of subcall function 004F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 004F307A
  • Part of subcall function 004F304E: _wcslen.LIBCMT ref: 004F309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 004F185D
• WSAGetLastError.WSOCK32 ref: 004F1884
• bind.WSOCK32(00000000,?,00000010), ref: 004F18DB
• WSAGetLastError.WSOCK32 ref: 004F18E6
• closesocket.WSOCK32(00000000), ref: 004F1915
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
APIs
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
Strings
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 004D82AA
Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                                                                                                    • String ID: ($tbS$|
                                                                                                                                                                                                                                                    • API String ID: 1659193697-2799688314
                                                                                                                                                                                                                                                    • Opcode ID: b0ce3b93621c124b9c0bffbd9769dbcbdc2b81a83daae0a330d10d12f271dca9
                                                                                                                                                                                                                                                    • Instruction ID: ad2dc3d88c26bc99d052ca5f51719c4087ce4f1f697e856188c0b297a4d8cfe7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0ce3b93621c124b9c0bffbd9769dbcbdc2b81a83daae0a330d10d12f271dca9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A324474A006059FCB28DF19C491A6AB7F0FF48720B15C56FE89ADB3A1EB74E941CB44
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 004DAAAC
• SetKeyboardState.USER32(00000080), ref: 004DAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 004DAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 004DAB88
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: adf277207e91e7a5ec5c625a1b5937cf817d8f35e5a2050650bbf37233e8ed17
• Instruction ID: e2798ae596a3af6ee5da1c089fc8117d5d3b7e42c40c2da92cd35f99352803f1
• Opcode Fuzzy Hash: adf277207e91e7a5ec5c625a1b5937cf817d8f35e5a2050650bbf37233e8ed17
• Instruction Fuzzy Hash: 2A310C30A40204AEEF35CB658C257FB7BA6AB45310F04431BF281553D0D37D99A6D75B
APIs
• _free.LIBCMT ref: 004ABB7F
  • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000), ref: 004A29DE
  • Part of subcall function 004A29C8: GetLastError.KERNEL32(00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000,00000000), ref: 004A29F0
• GetTimeZoneInformation.KERNEL32 ref: 004ABB91
• WideCharToMultiByte.KERNEL32(00000000,?,0054121C,000000FF,?,0000003F,?,?), ref: 004ABC09
• WideCharToMultiByte.KERNEL32(00000000,?,00541270,000000FF,?,0000003F,?,?,?,0054121C,000000FF,?,0000003F,?,?), ref: 004ABC36
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
• String ID:
• API String ID: 806657224-0
• Opcode ID: 68ade05e421bb79f86129f0cd54c2de9636e613770457aa7b3437816f6845165
• Instruction ID: b3c60fd9a5ab90c4082ddb2b4f53935ad12fa55130a8de9e56a7e60d400828c4
• Opcode Fuzzy Hash: 68ade05e421bb79f86129f0cd54c2de9636e613770457aa7b3437816f6845165
• Instruction Fuzzy Hash: 8131B074908205DFCB11DF6A9C8086EBBB8FF67324714425EE011DB3A2D7749945DB98
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 004ECE89
• GetLastError.KERNEL32(?,00000000), ref: 004ECEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 004ECEFE
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 438a916bfd350bd4fffe6e53245edb653e44fcd6fd35f5945b8c2652ee5d2866
• Instruction ID: 511edc5a3887e8c896285fc7e5f27ca6ff0b3a3f42c508f349b15a023c3bcb0d
• Opcode Fuzzy Hash: 438a916bfd350bd4fffe6e53245edb653e44fcd6fd35f5945b8c2652ee5d2866
• Instruction Fuzzy Hash: 3D21D171500305AFDB20DF5AC985BAB7BF8EB10315F10441FE54292251D738ED069B58
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004E5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 004E5D17
• FindClose.KERNEL32(?), ref: 004E5D5F
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 3b4806ca178b7ae61aa6ad4cb28b9b85cac2793c070477a93004c922e80dd5f9
• Instruction ID: 25d3b4417b2d355ca48267bc05a7314c838c37789e4abdae96caf1058ec0df7b
• Opcode Fuzzy Hash: 3b4806ca178b7ae61aa6ad4cb28b9b85cac2793c070477a93004c922e80dd5f9
• Instruction Fuzzy Hash: 9B51CC346006419FC714DF29C894E9ABBE4FF4A318F14855EE95A8B3A2CB34EC04CF95
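The function blocks above are the raw material for a capability triage: each "APIs" list is one disassembled function, and the combination of calls inside one function (GetKeyboardState, SetKeyboardState, PostMessageW, SendInput in the block at 004DAAAC; FindFirstFileW, FindNextFileW, FindClose at 004E5CC1; InternetReadFile at 004ECE89) is far more telling than any single import. The following Python script is an added example, not part of the Joe Sandbox report and not the sample's own code: it parses bullet lines in the text layout shown on this page, groups the calls per function (keeping "Part of subcall function" entries separate), and tags each function from a small capability table. The table, the tag names and the sample excerpt (re-assembled from this page's own lines) are assumptions of the example. It also encodes one caveat a practitioner wants: IsDebuggerPresent followed by SetUnhandledExceptionFilter(NULL) and UnhandledExceptionFilter in a single function, as in the block at 004A271A, is the shape of the MSVC C runtime's fatal-error path, so counting it as anti-debugging on its own overstates the evidence.

```python
"""Added triage helper for Joe Sandbox "APIs" function blocks (example code,
not part of the report). Parses the bullet lines, groups calls per function
and tags each function from a small rule table of the author's own choosing."""
import re
from dataclasses import dataclass, field

# Constructed excerpt: the addresses and API names are copied from the function
# blocks listed on this page and re-assembled here only as sample input.
SAMPLE = """\
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 004DAAAC
• SetKeyboardState.USER32(00000080), ref: 004DAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 004DAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 004DAB88
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
APIs
• _free.LIBCMT ref: 004ABB7F
  • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000), ref: 004A29DE
• GetTimeZoneInformation.KERNEL32 ref: 004ABB91
• WideCharToMultiByte.KERNEL32(00000000,?,0054121C,000000FF,?,0000003F,?,?), ref: 004ABC09
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 004ECE89
• GetLastError.KERNEL32(?,00000000), ref: 004ECEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 004ECEFE
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004E5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 004E5D17
• FindClose.KERNEL32(?), ref: 004E5D5F
APIs
• IsDebuggerPresent.KERNEL32 ref: 004A271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004A2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 004A2731
"""

# One bullet line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Name.MODULE, optional "(args)", and the call-site address after "ref:".
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function\s+[0-9A-Fa-f]{8}:\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
# Headers that end the "APIs" list of a block.
SECTION_HEADERS = {"Memory Dump Source", "Strings", "Joe Sandbox IDA Plugin", "Similarity"}

# Capability table (author's assumption). "any": one name suffices; "all": every
# name must appear among the block's own (non-subcall) calls.
RULES = {
    "keystroke_injection": ({"SendInput", "SetKeyboardState", "keybd_event"}, "any"),
    "directory_enumeration": ({"FindFirstFileW", "FindNextFileW"}, "all"),
    "wininet_read": ({"InternetReadFile"}, "any"),
    "anti_debug_api": ({"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}, "any"),
    "crt_fatal_error_handler": (
        {"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter"}, "all"),
}

@dataclass
class Call:
    name: str
    module: str
    ref: str
    subcall: bool

@dataclass
class Block:
    calls: list = field(default_factory=list)

    def direct_names(self) -> set:
        return {c.name for c in self.calls if not c.subcall}

def parse_blocks(text: str) -> list:
    """Split report text into Blocks, one per "APIs" section that has calls."""
    blocks, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = Block()
            blocks.append(current)
        elif stripped in SECTION_HEADERS:
            current = None
        elif current is not None and (m := API_LINE.match(line)):
            current.calls.append(Call(m["name"], m["module"], m["ref"].upper(), m["sub"] is not None))
    return [b for b in blocks if b.calls]

def tag_block(block: Block) -> set:
    names = block.direct_names()
    tags = {tag for tag, (apis, mode) in RULES.items()
            if (apis <= names if mode == "all" else bool(apis & names))}
    # IsDebuggerPresent, SetUnhandledExceptionFilter(NULL), UnhandledExceptionFilter
    # in one function is the shape of the MSVC C runtime's fatal-error path, so it
    # is not counted as anti-debugging on its own.
    if "crt_fatal_error_handler" in tags:
        tags.discard("anti_debug_api")
    return tags

def triage(text: str) -> list:
    return [{"first_ref": b.calls[0].ref,
             "apis": [c.name for c in b.calls if not c.subcall],
             "tags": sorted(tag_block(b))} for b in parse_blocks(text)]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["first_ref"], ",".join(row["tags"]) or "-", "|", " -> ".join(row["apis"]))
```

Run it against a saved copy of a report's function-block text instead of SAMPLE to get one line per function with its tags; functions that pick up only the crt_fatal_error_handler tag, or no tag at all (the GetTimeZoneInformation/WideCharToMultiByte block is CRT time-zone handling), can be deprioritised, and the rule table is the place to add the combinations that matter for the case at hand.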
APIs
• IsDebuggerPresent.KERNEL32 ref: 004A271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004A2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 004A2731
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                                                                                                    • Opcode ID: 6293a6d1677b8babb7504e201f59c53d01d8a2da946795d3019095ab5d38f32f
                                                                                                                                                                                                                                                    • Instruction ID: 81a7f77907eb639c95462be8683d33348b8dab5378d93f49e78e9d5ca0b093c2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6293a6d1677b8babb7504e201f59c53d01d8a2da946795d3019095ab5d38f32f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE31D87491121CABCB21DF69DD887DDBBB8AF18310F5041EAE80CA7260E7749F859F48
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 004E51DA
                                                                                                                                                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 004E5238
                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 004E52A1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1682464887-0
                                                                                                                                                                                                                                                    • Opcode ID: 19dd4ca66a196f03bca311105e44d08aeaab6850ccb85a3372cf626f62e73eaf
                                                                                                                                                                                                                                                    • Instruction ID: 8ee761871a2e6577a4fcd7e5072e09a808b0cd48d5ce16282ce2e2ab44f61349
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19dd4ca66a196f03bca311105e44d08aeaab6850ccb85a3372cf626f62e73eaf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02318035A00608DFDB00DF55D884EADBBB4FF09318F04809AE9099B392CB35E845CB94
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0048FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00490668
                                                                                                                                                                                                                                                      • Part of subcall function 0048FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00490685
                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004D170D
                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004D173A
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004D174A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 577356006-0
                                                                                                                                                                                                                                                    • Opcode ID: e6f8b96ef6248091e836dd04b5e1c2cef913aaad3390f6a67a18ee14c75f2993
                                                                                                                                                                                                                                                    • Instruction ID: 5ccdd258cb5c5f62f222c5e22cff65f60cfbc64cb107904acde3459ddab26884
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6f8b96ef6248091e836dd04b5e1c2cef913aaad3390f6a67a18ee14c75f2993
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C11BCB2400204BFE728AF64DC86D6FBBFDEB04714B20852FE45652251EB74BC458B24
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 004DD608
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 004DD645
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 004DD650
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 33631002-0
                                                                                                                                                                                                                                                    • Opcode ID: ac23e92b3ab0b28097b03ac316bc68d2dba4ce26d6bf755cc47478025a3d88ec
                                                                                                                                                                                                                                                    • Instruction ID: e74748311718ed9827ca3cd6eebc9cf13b771d7d0215917ebfb5ad9368f78ec5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac23e92b3ab0b28097b03ac316bc68d2dba4ce26d6bf755cc47478025a3d88ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3113C75E05228BBDB108F959C45FAFBFBCEB45B50F108156F904E7290D6704A059BA1
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 004D168C
                                                                                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 004D16A1
                                                                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 004D16B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: ac32cb7cca0647c8254db13463fbc681f7323a3eb5d1c3b54717584c64142bf7
• Instruction ID: aa21faa6c93250fd73c1b715bed8c1f44d97167b201acf93b67b6b56e539538b
• Opcode Fuzzy Hash: ac32cb7cca0647c8254db13463fbc681f7323a3eb5d1c3b54717584c64142bf7
• Instruction Fuzzy Hash: 7AF0F471950309FBEB00DFE49D89EAEBBBCEB08604F504565E901E2191E774AA489A54
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 004CD28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: e5c3610d2a980a71810a56064f827639f37a732fbf82958dac789b4d9c065969
• Instruction ID: 5263b6728c58246a4bb8f71183cbf74d4165a1f400d398e7153593ba7a6cd82a
• Opcode Fuzzy Hash: e5c3610d2a980a71810a56064f827639f37a732fbf82958dac789b4d9c065969
• Instruction Fuzzy Hash: 9FD0C9B4C0111DEACB94DB90DC8CDDDB77CBB15305F1006A6F106A2040D734954A9F10
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 951b8168aeb770427b09f0bfecd071762aa7dcb49093e11a2ce9375d68cfe763
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: 2B021D71E002199FDF14CFA9C9C06AEFBF1EF48314F25426AD919E7384D735AA418B94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.$p#T
• API String ID: 0-1037378240
• Opcode ID: 1f4b5fc0c2169ea36eb5e1052c5d20a1c02b05f0b80f322821a9d849a49df36f
• Instruction ID: 729409fcfda955506dbf407aa3ad557c2e3594ee704f05bfe0071501bda9289a
• Opcode Fuzzy Hash: 1f4b5fc0c2169ea36eb5e1052c5d20a1c02b05f0b80f322821a9d849a49df36f
• Instruction Fuzzy Hash: D3326B74900218DBDF24DF94C885BEEB7B5BF05308F14805FE80AAB291D779AE46CB59
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004E6918
• FindClose.KERNEL32(00000000), ref: 004E6961
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: e5498c3f6ad93921122a1a139cc10458eed299905c4386ab379444f24b270301
• Instruction ID: b5c36253c56810442aa49081718d891614c3c46d7724f2367a359b4c40eb0eb9
• Opcode Fuzzy Hash: e5498c3f6ad93921122a1a139cc10458eed299905c4386ab379444f24b270301
• Instruction Fuzzy Hash: E211BE756042419FC710DF2AC484A1ABBE1EF85329F15C69EE4698F7A2C734EC05CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,004F4891,?,?,00000035,?), ref: 004E37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,004F4891,?,?,00000035,?), ref: 004E37F4
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: fbad29c139d6b98bb28a67bec55a0c29dccd523f51450f680cb0da5dc11aeada
• Instruction ID: ba2889a00e33a3296c419c00f1870b7f8d5577edd47add23e7af6f635019cbab
• Opcode Fuzzy Hash: fbad29c139d6b98bb28a67bec55a0c29dccd523f51450f680cb0da5dc11aeada
• Instruction Fuzzy Hash: 2FF05C706002142AD72017674C4CFEB7A9DDFC5762F00022AF109D3280C5604D04C6B4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 004DB25D
                                                                                                                                                                                                                                                    • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 004DB270
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004D11FC), ref: 004D10D4
• CloseHandle.KERNEL32(?,?,004D11FC), ref: 004D10E9
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004A6766,?,?,00000008,?,?,004AFEFE,00000000), ref: 004A6998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 004EEABD
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,004903EE), ref: 004909DA
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
                                                                                                                                                                                                                                                    • Opcode ID: e44d2b2d5ab2048c99f9d9e07b443abca4f4950fb2ade50f3bec88928d4c0b37
                                                                                                                                                                                                                                                    • Instruction ID: 229da2da639e2117a622fc914b35f8fd352f5341fad6e4a413bc482743502d3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e44d2b2d5ab2048c99f9d9e07b443abca4f4950fb2ade50f3bec88928d4c0b37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                    • Instruction ID: c0d6977a491d5e5ab168146f9bf2e32c85bb4f8bd67a0d15dca91974692d9f58
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A5113A163C6055AEF38E669889D7BF2F85DB42344F18093BD88297382C61DDE06D35E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 0&T
                                                                                                                                                                                                                                                    • API String ID: 0-1962027595
                                                                                                                                                                                                                                                    • Opcode ID: 5f81ef7029f2cbdcee1e558265b644e10609613b13fbeb356fbf6cd93205b0d1
                                                                                                                                                                                                                                                    • Instruction ID: 002f98e614d521b53f73e2985056ffd7cfad467afbc9fc68202f6ec7d86ddfef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f81ef7029f2cbdcee1e558265b644e10609613b13fbeb356fbf6cd93205b0d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19212B322201108BD728CF7AC9136BE73E9A764314F558A2EE4A3C37C0DE79A904D784
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 924e5d974267278247ab6e60cc120f9bf1f1f09cd826890a8eee4b9e6510756f
                                                                                                                                                                                                                                                    • Instruction ID: f4c7e2c35f2d3a63c6ca2315a44a985e4f3ddd255a12d4cb541841ad5bc34975
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 924e5d974267278247ab6e60cc120f9bf1f1f09cd826890a8eee4b9e6510756f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0322122D29F014DD7239634DC22336A68DAFB73C5F15D737E81AB5EAAEB29C4835104
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 0aa60a66ea56df9f1b959b63bb25c4c1a1a1cee1f2eca4a9a93b0d4ff804eee1
                                                                                                                                                                                                                                                    • Instruction ID: e1560e0b6d2309b8d3d6fbc817e667c9be78a4f928917f34b26fc3b871865a2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0aa60a66ea56df9f1b959b63bb25c4c1a1a1cee1f2eca4a9a93b0d4ff804eee1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5132E439A001158BDF68DE29C4D4B7E77A1EB45300F28856FD44E9B391E23CDD82DB69
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: df9ae535fbecfca417ab5725e27c44783794b3a7f5ee791e5b211c8009313bd7
                                                                                                                                                                                                                                                    • Instruction ID: 11bdd68d0044604d9b775129fa16bf29a1c15df0dc26cc1e401ccf35690eae18
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df9ae535fbecfca417ab5725e27c44783794b3a7f5ee791e5b211c8009313bd7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0622BEB0A006099FDF14DF65C881BEEB3B5FF48304F14852AE816A7391E739AD15CB69
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: afbcb4e35e6b1287936375de55f2b218e3e4a108e642e3e33ad1a498a416d934
                                                                                                                                                                                                                                                    • Instruction ID: a2030e80a574d06cd4e654fb72cf8bb6b695d2e72761e7266a898127f32bcaff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afbcb4e35e6b1287936375de55f2b218e3e4a108e642e3e33ad1a498a416d934
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F02D8B0A00105EBDF04DF65D841AEEB7B5FF44304F10856AE80ADB391E739AE25CB99
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 177ef0d8ebab433df7176630ff80a654e71cd8403a2c2bad72f77b3a583cf302
                                                                                                                                                                                                                                                    • Instruction ID: 4733de3a3c6ed13525ddf95b1d3a5cbc43df07d379a6dfd2331668381a483f24
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 177ef0d8ebab433df7176630ff80a654e71cd8403a2c2bad72f77b3a583cf302
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CB1E020D2AF404DD72397398831336FA5CAFBB6D5B91D71BFC2674D22EB2286879144
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                    • Instruction ID: 013814413c50ce5158f7550436b7b89d5bc7aad2f51b9ddb305a79f632a7367e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB9188722080A34ADF2D463A857443FFFE15A523A131A07BFD4F2CA2E5EE28D555D624
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                    • Instruction ID: 7cd37b537c80902e942ac018ba312b3965539be1f8b7fc5fd688ae98b3375dc0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D9186722090A31ADF2D4239857543FFFE15A923A131A07BFD4F2CB2D5EE688564E624
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                    • Instruction ID: 794a426036d23ac38b7e7f5f77a7e8f48b6d7a0675139f5f663f8d11cc6a4bde
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A9164722090A34EDF29427A857403FFFE15A923A231A07BFD4F2CA2E1FD189955D624
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5c89906bce008d40f50601f0e192e32164b3a128ec775462853151169f534371
                                                                                                                                                                                                                                                    • Instruction ID: cb436bd4c9a37e490c8ff17575930050b94e4b0618b74e3d0c9742dd71f81fb3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c89906bce008d40f50601f0e192e32164b3a128ec775462853151169f534371
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D61477122870966DE389A2C8895BBF3F95DF41708F14093FE942DB392D61DAE42835E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff4614865d6065ffdda920728db324008718a8f0062e60348ccee717eae450af
• Instruction ID: 2adaa4b4850a0b9be3608b0dc38b0474482684e51bc9b6865dfedab184da19c2
• Opcode Fuzzy Hash: ff4614865d6065ffdda920728db324008718a8f0062e60348ccee717eae450af
• Instruction Fuzzy Hash: 3D61797126870997DE384A2C5895BBF2F84AF42748F140A7FE942DB381DA1E9D42835E
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: 16344dd00831e33e31a195d26569a79f8374e84062745fd91d69c546acacf672
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 1B8166726090A30DDF6D8279857443FFFE15A923A131A07BFD4F2CA2E1EE28D554E624
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 36fbfc4a2e87572c6921b0728886e5bedb99296800ae5764114319e1c6c74bbf
• Instruction ID: 641d18d1bd2320c4e68d753df540fa88c8b597c7e7ee4246fd13df77f2601f16
• Opcode Fuzzy Hash: 36fbfc4a2e87572c6921b0728886e5bedb99296800ae5764114319e1c6c74bbf
• Instruction Fuzzy Hash: 466109B45186C09FC7B5CF208598EA6BFE0EF16315B1AC8EFC5460F293D634994AC74A
APIs
• DeleteObject.GDI32(00000000), ref: 004F2B30
• DeleteObject.GDI32(00000000), ref: 004F2B43
• DestroyWindow.USER32 ref: 004F2B52
• GetDesktopWindow.USER32 ref: 004F2B6D
• GetWindowRect.USER32(00000000), ref: 004F2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 004F2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004F2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2CF8
• GetClientRect.USER32(00000000,?), ref: 004F2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004F2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2D80
• GlobalLock.KERNEL32(00000000), ref: 004F2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2D98
• GlobalUnlock.KERNEL32(00000000), ref: 004F2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2DA8
• GlobalFree.KERNEL32(00000000), ref: 004F2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0050FC38,00000000), ref: 004F2DDB
• GlobalFree.KERNEL32(00000000), ref: 004F2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 004F2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 004F2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 004F303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: 05afdc4302cb5fecdf0bb9e10a4b065dd7a3ef6cbb6ea611da23c1dbb18a56d1
• Instruction ID: 907824631e14efb9081bed39fb8d66520fe033513a72645bc4158bdcaf45bbe8
• Opcode Fuzzy Hash: 05afdc4302cb5fecdf0bb9e10a4b065dd7a3ef6cbb6ea611da23c1dbb18a56d1
• Instruction Fuzzy Hash: CD02BE71900208AFDB14CF64CD89EAE7BB9FF49714F008619F915AB2A1CB74AD05DB64
APIs
• SetTextColor.GDI32(?,00000000), ref: 0050712F
• GetSysColorBrush.USER32(0000000F), ref: 00507160
• GetSysColor.USER32(0000000F), ref: 0050716C
• SetBkColor.GDI32(?,000000FF), ref: 00507186
• SelectObject.GDI32(?,?), ref: 00507195
• InflateRect.USER32(?,000000FF,000000FF), ref: 005071C0
• GetSysColor.USER32(00000010), ref: 005071C8
• CreateSolidBrush.GDI32(00000000), ref: 005071CF
• FrameRect.USER32(?,?,00000000), ref: 005071DE
• DeleteObject.GDI32(00000000), ref: 005071E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00507230
• FillRect.USER32(?,?,?), ref: 00507262
• GetWindowLongW.USER32(?,000000F0), ref: 00507284
  • Part of subcall function 005073E8: GetSysColor.USER32(00000012), ref: 00507421
  • Part of subcall function 005073E8: SetTextColor.GDI32(?,?), ref: 00507425
  • Part of subcall function 005073E8: GetSysColorBrush.USER32(0000000F), ref: 0050743B
  • Part of subcall function 005073E8: GetSysColor.USER32(0000000F), ref: 00507446
  • Part of subcall function 005073E8: GetSysColor.USER32(00000011), ref: 00507463
  • Part of subcall function 005073E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00507471
  • Part of subcall function 005073E8: SelectObject.GDI32(?,00000000), ref: 00507482
  • Part of subcall function 005073E8: SetBkColor.GDI32(?,00000000), ref: 0050748B
  • Part of subcall function 005073E8: SelectObject.GDI32(?,?), ref: 00507498
  • Part of subcall function 005073E8: InflateRect.USER32(?,000000FF,000000FF), ref: 005074B7
                                                                                                                                                                                                                                                      • Part of subcall function 005073E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005074CE
                                                                                                                                                                                                                                                      • Part of subcall function 005073E8: GetWindowLongW.USER32(00000000,000000F0), ref: 005074DB
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: f6989073992e949bba0d1d32f8ccacffcb0b036e29a170a39eaaf714bee958ff
• Instruction ID: bbd7800c65417a87e1334c053de96f87b89253bf4895fc671e228418217c4b77
• Opcode Fuzzy Hash: f6989073992e949bba0d1d32f8ccacffcb0b036e29a170a39eaaf714bee958ff
• Instruction Fuzzy Hash: 2DA1AF76408306AFDB109F64DC48A6F7FA9FF9A320F100B19F962961E1D731E948DB51
APIs
• DestroyWindow.USER32(?,?), ref: 00488E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 004C6AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 004C6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004C6F43
  • Part of subcall function 00488F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00488BE8,?,00000000,?,?,?,?,00488BBA,00000000,?), ref: 00488FC5
• SendMessageW.USER32(?,00001053), ref: 004C6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 004C6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 004C6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 004C6FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: b73ecaaf743d58781997c37bda4f4a390afbbe746070d4fb8367df7704569939
• Instruction ID: 9b617b17e55d7d5bdaa55607a9c5899dabf440afbe464ee5bc9b95035f767cb6
• Opcode Fuzzy Hash: b73ecaaf743d58781997c37bda4f4a390afbbe746070d4fb8367df7704569939
• Instruction Fuzzy Hash: 1A12DC382006019FCB64DF24C844FBABBE1FB59304F55896EE485CB261CB39EC96DB59
APIs
• DestroyWindow.USER32(00000000), ref: 004F273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004F286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 004F28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 004F28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 004F2900
• GetClientRect.USER32(00000000,?), ref: 004F290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 004F2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004F2964
• GetStockObject.GDI32(00000011), ref: 004F2974
• SelectObject.GDI32(00000000,00000000), ref: 004F2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 004F2988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004F2991
• DeleteDC.GDI32(00000000), ref: 004F299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004F29C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 004F29DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 004F2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 004F2A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 004F2A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 004F2A77
• GetStockObject.GDI32(00000011), ref: 004F2A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 004F2A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 004F2A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 381e0339cfc5708c17363e4ca4368ce5dec7b08463b1480a4b3b49c67ef9284f
• Instruction ID: e6b3a28c258c30203b9e0ba342cc9ac1a29afd81eb96f8f826a84a1783a4d0c2
• Opcode Fuzzy Hash: 381e0339cfc5708c17363e4ca4368ce5dec7b08463b1480a4b3b49c67ef9284f
• Instruction Fuzzy Hash: 5CB18D75A00209BFEB10DFA8CD45FAE7BA9EB09714F008619FA15E72D0D774AD44CB94
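The API listings in this report are the raw material a triager works from: the function above creates a window of class "AutoIt v3" next to an msctls_progress32 control, and the next function brackets a GetDriveTypeW probe with SetErrorMode(00000001) / SetErrorMode(00000000) so that a missing-disk dialog cannot stall the enumeration. The following script is an added example, not part of the Joe Sandbox report or of the sample; it parses lines in the report's own "• Name.Module(args), ref: ADDR" format, separates string arguments from hex stack values, and runs two checks over the result. The sample input is copied from the listings above; the treatment of "AutoIt v3" as the class name of the AutoIt runtime's hidden main window is an assumption stated in the code, and splitting arguments on commas assumes, as the report's format does, that string arguments contain no commas.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One call line of a Joe Sandbox "APIs" block, with or without the
# "Part of subcall function XXXXXXXX:" prefix the report uses for callees.
_CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Joe Sandbox prints raw stack slots as 8 hex digits (negative ones with '-');
# anything else that is not '?' is a string the analyser resolved.
_HEX_RE = re.compile(r"^-?[0-9A-Fa-f]{8}$")

# Assumption: "AutoIt v3" is the window class of the AutoIt runtime's hidden main window.
AUTOIT_WINDOW_CLASSES = {"AutoIt v3"}
SEM_FAILCRITICALERRORS = "00000001"


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: int
    subcall: Optional[int] = None  # address of the callee the line was lifted from


def parse_api_block(text: str) -> List[Call]:
    """Parse every call line in a report excerpt; headings such as 'APIs' are skipped."""
    calls = []
    for line in text.splitlines():
        m = _CALL_RE.match(line)
        if not m:
            continue
        # Arguments are comma separated; string arguments with commas would break this.
        args = m.group("args").split(",") if m.group("args") else []
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16), sub))
    return calls


def string_args(calls: List[Call]) -> List[Tuple[str, str]]:
    """(api, argument) pairs for arguments the report resolved to strings."""
    return [(c.api, a) for c in calls for a in c.args if a and a != "?" and not _HEX_RE.match(a)]


def autoit_window_classes(calls: List[Call]) -> List[str]:
    """Window classes passed to CreateWindowExW (2nd argument) that belong to the AutoIt runtime."""
    return sorted({c.args[1] for c in calls
                   if c.api == "CreateWindowExW" and len(c.args) > 1
                   and c.args[1] in AUTOIT_WINDOW_CLASSES})


def quiet_drive_probe(calls: List[Call]) -> bool:
    """True if a GetDriveTypeW call sits inside a SetErrorMode(SEM_FAILCRITICALERRORS) window.

    Only the first argument of SetErrorMode is real; the extra values the report shows
    after it are stale stack slots, so they are ignored here.
    """
    suppressed = False
    for c in calls:
        if c.api == "SetErrorMode" and c.args and c.args[0] == SEM_FAILCRITICALERRORS:
            suppressed = True
        elif c.api == "SetErrorMode" and c.args and c.args[0] == "00000000":
            suppressed = False
        elif c.api == "GetDriveTypeW" and suppressed:
            return True
    return False


# Constructed sample: call lines copied from two function listings in this report.
SAMPLE = r"""
APIs
• DestroyWindow.USER32(00000000), ref: 004F273E
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 004F2900
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 004F2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004F2964
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 004F2A1D
APIs
• SetErrorMode.KERNEL32(00000001), ref: 004E4AED
• GetDriveTypeW.KERNEL32(?,0050CB68,?,\\.\,0050CC08), ref: 004E4BCA
• SetErrorMode.KERNEL32(00000000,0050CB68,?,\\.\,0050CC08), ref: 004E4D36
"""

if __name__ == "__main__":
    parsed = parse_api_block(SAMPLE)
    print("calls:", len(parsed))
    print("strings:", string_args(parsed))
    print("AutoIt window classes:", autoit_window_classes(parsed))
    print("quiet drive probe:", quiet_drive_probe(parsed))
```

Run over a whole "Code Analysis" section the same parser also gives the per-function string inventory that the report only summarises in its "String ID" lines, which is the quicker way to find the CreateWindowExW and GetDriveTypeW sites among several thousand listed functions.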
APIs
• SetErrorMode.KERNEL32(00000001), ref: 004E4AED
• GetDriveTypeW.KERNEL32(?,0050CB68,?,\\.\,0050CC08), ref: 004E4BCA
• SetErrorMode.KERNEL32(00000000,0050CB68,?,\\.\,0050CC08), ref: 004E4D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                    • Opcode ID: 8d29dbd1732aae44f231580cc64a17f1bf46f5647592cd57d9f08d7ed1237744
                                                                                                                                                                                                                                                    • Instruction ID: bec797f404f64bc2a8d0ac712a977249236b126bee90154083472bdee5b213d5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d29dbd1732aae44f231580cc64a17f1bf46f5647592cd57d9f08d7ed1237744
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA61C330601145ABCB04DF16C9819AD7BA0BB85306B35851BE80AAB751DB3DED42DB5A
APIs
• GetSysColor.USER32(00000012), ref: 00507421
• SetTextColor.GDI32(?,?), ref: 00507425
• GetSysColorBrush.USER32(0000000F), ref: 0050743B
• GetSysColor.USER32(0000000F), ref: 00507446
• CreateSolidBrush.GDI32(?), ref: 0050744B
• GetSysColor.USER32(00000011), ref: 00507463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00507471
• SelectObject.GDI32(?,00000000), ref: 00507482
• SetBkColor.GDI32(?,00000000), ref: 0050748B
• SelectObject.GDI32(?,?), ref: 00507498
• InflateRect.USER32(?,000000FF,000000FF), ref: 005074B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005074CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 005074DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0050752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00507554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00507572
• DrawFocusRect.USER32(?,?), ref: 0050757D
• GetSysColor.USER32(00000011), ref: 0050758E
• SetTextColor.GDI32(?,00000000), ref: 00507596
• DrawTextW.USER32(?,005070F5,000000FF,?,00000000), ref: 005075A8
• SelectObject.GDI32(?,?), ref: 005075BF
• DeleteObject.GDI32(?), ref: 005075CA
• SelectObject.GDI32(?,?), ref: 005075D0
• DeleteObject.GDI32(?), ref: 005075D5
• SetTextColor.GDI32(?,?), ref: 005075DB
• SetBkColor.GDI32(?,?), ref: 005075E5
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: 84f36961f5923d9f8ac2d0e04b05f4ea343914c816381b4b0b860e2828cf81d4
• Instruction ID: 02a186dbade919a13c23a9bafbaa47cf517eaca337852e65a3a640246d4b74dc
• Opcode Fuzzy Hash: 84f36961f5923d9f8ac2d0e04b05f4ea343914c816381b4b0b860e2828cf81d4
• Instruction Fuzzy Hash: FC617976D00218AFDF019FA4DC48AEEBFB9FB0A320F144615F911AB2E1D774A940DB90
APIs
• GetCursorPos.USER32(?), ref: 00501128
• GetDesktopWindow.USER32 ref: 0050113D
• GetWindowRect.USER32(00000000), ref: 00501144
• GetWindowLongW.USER32(?,000000F0), ref: 00501199
• DestroyWindow.USER32(?), ref: 005011B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 005011ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0050120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0050121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00501232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00501245
• IsWindowVisible.USER32(00000000), ref: 005012A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 005012BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 005012D0
• GetWindowRect.USER32(00000000,?), ref: 005012E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0050130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00501328
• CopyRect.USER32(?,?), ref: 0050133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 005013AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: c95c65180b62c4a07389aa6813809e090686557e106aef1a7787aa01fa74a6c0
• Instruction ID: d37f2b257eb1106737e965b9766fee60c987c4a632c805882f04d47ade7f9bd8
• Opcode Fuzzy Hash: c95c65180b62c4a07389aa6813809e090686557e106aef1a7787aa01fa74a6c0
• Instruction Fuzzy Hash: 44B16771604741AFD714DF65C888BAEBBE4FB84744F00891DF9999B2A1CB31E844CB9A
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00488968
• GetSystemMetrics.USER32(00000007), ref: 00488970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0048899B
• GetSystemMetrics.USER32(00000008), ref: 004889A3
• GetSystemMetrics.USER32(00000004), ref: 004889C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 004889E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 004889F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00488A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00488A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00488A5A
• GetStockObject.GDI32(00000011), ref: 00488A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00488A81
  • Part of subcall function 0048912D: GetCursorPos.USER32(?), ref: 00489141
                                                                                                                                                                                                                                                      • Part of subcall function 0048912D: ScreenToClient.USER32(00000000,?), ref: 0048915E
                                                                                                                                                                                                                                                      • Part of subcall function 0048912D: GetAsyncKeyState.USER32(00000001), ref: 00489183
                                                                                                                                                                                                                                                      • Part of subcall function 0048912D: GetAsyncKeyState.USER32(00000002), ref: 0048919D
                                                                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000000,00000028,004890FC), ref: 00488AA8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                    • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                    • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                    • Opcode ID: dca32a50c4845ff92f8fc6f193dbbf3d9b63334863bd013a5ae06e63f31a97a0
                                                                                                                                                                                                                                                    • Instruction ID: ce94df75b962b748732101d83eb325fe8ccc15da656636364a7f03e2b0cc99ae
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dca32a50c4845ff92f8fc6f193dbbf3d9b63334863bd013a5ae06e63f31a97a0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9B18E79A002099FDB14EF68CC45BEE3BB5FB48314F11462AFA15A7290DB38A841DF59
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 004D1114
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D1120
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D112F
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D1136
                                                                                                                                                                                                                                                      • Part of subcall function 004D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 004D114D
                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 004D0DF5
                                                                                                                                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004D0E29
                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 004D0E40
                                                                                                                                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 004D0E7A
                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004D0E96
                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 004D0EAD
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 004D0EB5
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 004D0EBC
                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 004D0EDD
                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 004D0EE4
                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004D0F13
                                                                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004D0F35
                                                                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004D0F47
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D0F6E
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004D0F75
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D0F7E
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004D0F85
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D0F8E
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004D0F95
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 004D0FA1
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004D0FA8
                                                                                                                                                                                                                                                      • Part of subcall function 004D1193: GetProcessHeap.KERNEL32(00000008,004D0BB1,?,00000000,?,004D0BB1,?), ref: 004D11A1
                                                                                                                                                                                                                                                      • Part of subcall function 004D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,004D0BB1,?), ref: 004D11A8
                                                                                                                                                                                                                                                      • Part of subcall function 004D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,004D0BB1,?), ref: 004D11B7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                    • Opcode ID: e30bce50480fb6c33bc395661610ed51d63c1a8771b25a583243cb690e463512
                                                                                                                                                                                                                                                    • Instruction ID: bb3bcdbdc316accf112743a502c5c023a4cd2ce63aa5cb866b439022c49eb137
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e30bce50480fb6c33bc395661610ed51d63c1a8771b25a583243cb690e463512
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC716C7290020AABDF209FA5DC58FEFBBB8BF15300F14421AF919A7291D775D909CB64
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004FC4BD
                                                                                                                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,0050CC08,00000000,?,00000000,?,?), ref: 004FC544
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 004FC5A4
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004FC5F4
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004FC66F
                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 004FC6B2
                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 004FC7C1
                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 004FC84D
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004FC881
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004FC88E
                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 004FC960
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 95f7be3a76f130cdaf6f880ac75892f24b86e76017be3fbb9cd6a2320c05aba5
• Instruction ID: 8b8b140ed84fa1fb4d6ce41b09c5ecb0bf6b7b03db863301848d5ee26a16d9d4
• Opcode Fuzzy Hash: 95f7be3a76f130cdaf6f880ac75892f24b86e76017be3fbb9cd6a2320c05aba5
• Instruction Fuzzy Hash: 53129D316042059FC714DF15C981E6ABBE5FF88758F14885EF94A9B3A2DB39EC01CB89
APIs
• CharUpperBuffW.USER32(?,?), ref: 005009C6
• _wcslen.LIBCMT ref: 00500A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00500A54
• _wcslen.LIBCMT ref: 00500A8A
• _wcslen.LIBCMT ref: 00500B06
• _wcslen.LIBCMT ref: 00500B81
  • Part of subcall function 0048F9F2: _wcslen.LIBCMT ref: 0048F9FD
  • Part of subcall function 004D2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004D2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: c06283fb7da015fe9410a50c18539b5b979f37479363047abe20e22d54e10480
• Instruction ID: 81e6e6d2316d146a77e613afbf4c4e3950a00e24d0aff2f17b7349bb8e761c4a
• Opcode Fuzzy Hash: c06283fb7da015fe9410a50c18539b5b979f37479363047abe20e22d54e10480
• Instruction Fuzzy Hash: 44E177712083019FC714EF25C450A6EBBE1BF98318F14895EE89A9B3E2DB34ED45CB95
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: cfaf9a9b40bc876bb430664fa956a4f25761bd3c4e5d8bcc5eee419349cb6e36
• Instruction ID: 4373094494b1a0179f766a249ba9dae95fc95158476296e3ceea0560c00bf100
• Opcode Fuzzy Hash: cfaf9a9b40bc876bb430664fa956a4f25761bd3c4e5d8bcc5eee419349cb6e36
• Instruction Fuzzy Hash: 10713772A0016E8BCB20DE3DDA816BF3391AFA0754F11052AFE5597384E63DED45C3A8
APIs
• _wcslen.LIBCMT ref: 0050835A
• _wcslen.LIBCMT ref: 0050836E
• _wcslen.LIBCMT ref: 00508391
• _wcslen.LIBCMT ref: 005083B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 005083F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0050361A,?), ref: 0050844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00508487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 005084CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00508501
• FreeLibrary.KERNEL32(?), ref: 0050850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0050851D
• DestroyIcon.USER32(?), ref: 0050852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00508549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00508555
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: 4239bf586ce5fba6bc606b112a1bb6146d7673f89f93c324dcda756c99f8b809
• Instruction ID: 5763da7ecb7b380d51c35c311be98f3c120742172de5159ad2c6fe82614408ca
• Opcode Fuzzy Hash: 4239bf586ce5fba6bc606b112a1bb6146d7673f89f93c324dcda756c99f8b809
• Instruction Fuzzy Hash: 8661E071900219BAEF14CF64CC81FBE7FA8BB49B25F10461AF855D61D1DB78A980DBA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
• Opcode ID: 876f4926a5358fec17bee3c8e6ba4d53aab967ece9c114d177378d1f765655a4
• Instruction ID: ee7b83eb88106c18485cbc569f98f043cede682af45b12a0850a9122cecbfb54
• Opcode Fuzzy Hash: 876f4926a5358fec17bee3c8e6ba4d53aab967ece9c114d177378d1f765655a4
• Instruction Fuzzy Hash: 4A81E871604205BBDF25AF65CC42FEF7B64BF15304F04802BF909AA296EB7C9911C7A9
APIs
• CharLowerBuffW.USER32(?,?), ref: 004E3EF8
• _wcslen.LIBCMT ref: 004E3F03
• _wcslen.LIBCMT ref: 004E3F5A
• _wcslen.LIBCMT ref: 004E3F98
• GetDriveTypeW.KERNEL32(?), ref: 004E3FD6
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004E401E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004E4059
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004E4087
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                    • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                    • Opcode ID: 1d70c5f21a13603b9787bf20c3b3b5070bdd373ba3d5b823fb82c8b2f77d0985
                                                                                                                                                                                                                                                    • Instruction ID: c052b82c29593bb699a5e153f12dab9ecf288bead94f0deab834b1418a320b57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d70c5f21a13603b9787bf20c3b3b5070bdd373ba3d5b823fb82c8b2f77d0985
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A71D1315042019FC710EF26C8818ABBBF4FF94759F10892EF89597251EB38EE45CB56
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadIconW.USER32(00000063), ref: 004D5A2E
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004D5A40
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004D5A57
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 004D5A6C
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 004D5A72
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004D5A82
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 004D5A88
                                                                                                                                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004D5AA9
                                                                                                                                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 004D5AC3
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004D5ACC
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004D5B33
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004D5B6F
                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 004D5B75
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 004D5B7C
                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 004D5BD3
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004D5BE0
                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 004D5C05
                                                                                                                                                                                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 004D5C2F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 895679908-0
                                                                                                                                                                                                                                                    • Opcode ID: e122ff9eecd754573061a3f20903038f58a37baed2b2edfa4671c8f0e64f44fe
                                                                                                                                                                                                                                                    • Instruction ID: 5e3f3caef9cdaefa45df05e7499372e6ef99ae1581a14acb9e1e15fdf13d6d5e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e122ff9eecd754573061a3f20903038f58a37baed2b2edfa4671c8f0e64f44fe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C718F31900B05AFDB20DFA8CE95A6FBBF5FF48704F10461AE142A66A0DB79F944CB14
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 004EFE27
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 004EFE32
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 004EFE3D
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 004EFE48
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 004EFE53
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 004EFE5E
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 004EFE69
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 004EFE74
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 004EFE7F
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 004EFE8A
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 004EFE95
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 004EFEA0
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 004EFEAB
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 004EFEB6
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 004EFEC1
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004EFECC
                                                                                                                                                                                                                                                    • GetCursorInfo.USER32(?), ref: 004EFEDC
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004EFF1E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215588206-0
                                                                                                                                                                                                                                                    • Opcode ID: 53eac32d7729a978fcf8252e85d20a9b92e2689e20b449c0d36944ccca54ded8
                                                                                                                                                                                                                                                    • Instruction ID: 5c99f4243f1db0ccc0bf4e07fad740dddfaaedfb198fee079cf7079a047f554a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53eac32d7729a978fcf8252e85d20a9b92e2689e20b449c0d36944ccca54ded8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C34152B0D043596ADB10DFBA8C8985EBFE8FF04354B50852BF11DE7281DB78A905CE95
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[S
• API String ID: 176396367-308041520
• Opcode ID: 887e7484ede443866726726f14e66d0faa6ac9c7ee949301ce3e631f6eefb786
• Instruction ID: 2e88205f15e678de66e4796ed2ed8aa3b8499d2df037ca2eb20e6eeba4501236
• Opcode Fuzzy Hash: 887e7484ede443866726726f14e66d0faa6ac9c7ee949301ce3e631f6eefb786
• Instruction Fuzzy Hash: 10E1F432A00516ABCF14DF78C4716EEFBB0BF54715F14816BE856A3340DB38AE4987A6
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 004900C6
  • Part of subcall function 004900ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0054070C,00000FA0,D4EB02C1,?,?,?,?,004B23B3,000000FF), ref: 0049011C
  • Part of subcall function 004900ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,004B23B3,000000FF), ref: 00490127
  • Part of subcall function 004900ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,004B23B3,000000FF), ref: 00490138
  • Part of subcall function 004900ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0049014E
  • Part of subcall function 004900ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0049015C
  • Part of subcall function 004900ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0049016A
  • Part of subcall function 004900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00490195
  • Part of subcall function 004900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004901A0
• ___scrt_fastfail.LIBCMT ref: 004900E7
  • Part of subcall function 004900A3: __onexit.LIBCMT ref: 004900A9
Strings
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00490122
• kernel32.dll, xrefs: 00490133
• InitializeConditionVariable, xrefs: 00490148
• SleepConditionVariableCS, xrefs: 00490154
• WakeAllConditionVariable, xrefs: 00490162
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: 326fb379830d46c94e4fe5bcd7c2cd32dd94351cbce189c1c1fd52945d312fe1
• Instruction ID: 86c89cf2e0e1b65bdb7ad60d7f713a6b99ade82390223615df4cdb1999fedfdf
• Opcode Fuzzy Hash: 326fb379830d46c94e4fe5bcd7c2cd32dd94351cbce189c1c1fd52945d312fe1
• Instruction Fuzzy Hash: E2212C33644310AFDB206BA4AC0AB6E3F94EB15B55F10063BF901A27D1DB7858049B99
APIs
• CharLowerBuffW.USER32(00000000,00000000,0050CC08), ref: 004E4527
• _wcslen.LIBCMT ref: 004E453B
• _wcslen.LIBCMT ref: 004E4599
• _wcslen.LIBCMT ref: 004E45F4
• _wcslen.LIBCMT ref: 004E463F
• _wcslen.LIBCMT ref: 004E46A7
  • Part of subcall function 0048F9F2: _wcslen.LIBCMT ref: 0048F9FD
• GetDriveTypeW.KERNEL32(?,00536BF0,00000061), ref: 004E4743
Strings
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 827245b547dbb1f171901a38262b2b7b6937e445c9803ea5431b6e8b8983938b
• Instruction ID: b676cb8ecb243e1d6b92ce75db99ddf3c3e9cf748d12323f87eceee33b02ef2a
• Opcode Fuzzy Hash: 827245b547dbb1f171901a38262b2b7b6937e445c9803ea5431b6e8b8983938b
• Instruction Fuzzy Hash: 32B121306083429BC710DF2AC890A6BB7E1BFE5725F10891EF09A87391D738D845CB9A
APIs
  • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
• DragQueryPoint.SHELL32(?,?), ref: 00509147
  • Part of subcall function 00507674: ClientToScreen.USER32(?,?), ref: 0050769A
  • Part of subcall function 00507674: GetWindowRect.USER32(?,?), ref: 00507710
  • Part of subcall function 00507674: PtInRect.USER32(?,?,00508B89), ref: 00507720
• SendMessageW.USER32(?,000000B0,?,?), ref: 005091B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005091BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005091DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00509225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0050923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00509255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00509277
• DragFinish.SHELL32(?), ref: 0050927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00509371
Strings
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#T
• API String ID: 221274066-474986928
• Opcode ID: 7a4448fb5ec86f3456c201b5fc81d9e1c646c789379732668e7f74d47d8ea42a
• Instruction ID: 28eb67bd989fc5f349ba0d50683b885c66e4bbfb71f894d009d16b8a00d2f9ac
• Opcode Fuzzy Hash: 7a4448fb5ec86f3456c201b5fc81d9e1c646c789379732668e7f74d47d8ea42a
• Instruction Fuzzy Hash: A2616471108301AFC701EF65C889DAFBFE8FB99354F004A2EF596961A1DB309A49CB56
APIs
• GetMenuItemCount.USER32(00541990), ref: 004B2F8D
                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00541990), ref: 004B303D
                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 004B3081
                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 004B308A
                                                                                                                                                                                                                                                    • TrackPopupMenuEx.USER32(00541990,00000000,?,00000000,00000000,00000000), ref: 004B309D
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004B30A9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: c04cf9d495851178a409ea5c5ccf7a806778e337e8c162599f62638fcde6b09e
                                                                                                                                                                                                                                                    • Instruction ID: 81c5cb878bcc7d652d93555e6a0720508aa90e8aad4684f6b38e35845f181fed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c04cf9d495851178a409ea5c5ccf7a806778e337e8c162599f62638fcde6b09e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96710870640205BAEB219F25CD49FEABF64FF05324F204207F518662E1C7B5AD14E769
APIs
• DestroyWindow.USER32(00000000,?), ref: 00506DEB
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00506E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00506E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00506E94
• DestroyWindow.USER32(?), ref: 00506EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00470000,00000000), ref: 00506EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00506EFD
• GetDesktopWindow.USER32 ref: 00506F16
• GetWindowRect.USER32(00000000), ref: 00506F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00506F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00506F4D
  • Part of subcall function 00489944: GetWindowLongW.USER32(?,000000EB), ref: 00489952
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 5b93dc024db90668b15e060bfe276eec456e15f856ee7210e9215902302683d7
• Instruction ID: 3454c3fc960066405cc6cdb74a8fee2ebdd3b1f86749b580eaef5acbfe4c0054
• Opcode Fuzzy Hash: 5b93dc024db90668b15e060bfe276eec456e15f856ee7210e9215902302683d7
• Instruction Fuzzy Hash: F4717A74104345AFDB21CF18DC84EABBFE9FB9A304F04091DF9898B2A1C771A95ADB15
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 004EC4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 004EC4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 004EC4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 004EC4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 004EC533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 004EC549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004EC554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 004EC584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 004EC5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 004EC5F0
• InternetCloseHandle.WININET(00000000), ref: 004EC5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 65fa91af580f7079435809f9e4f987f67920ec96646bddedc6d454811f5d21e8
• Instruction ID: 174c0922cf6b89f401ba745fc775213375cef8a47c061d9f95e1d01312dda8e9
• Opcode Fuzzy Hash: 65fa91af580f7079435809f9e4f987f67920ec96646bddedc6d454811f5d21e8
• Instruction Fuzzy Hash: B6518BB0500748BFDB219F66C988AAB7FBCFF19345F00451EF94696250DB38E909AB64
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00508592
• GetFileSize.KERNEL32(00000000,00000000), ref: 005085A2
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 005085AD
• CloseHandle.KERNEL32(00000000), ref: 005085BA
• GlobalLock.KERNEL32(00000000), ref: 005085C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 005085D7
• GlobalUnlock.KERNEL32(00000000), ref: 005085E0
• CloseHandle.KERNEL32(00000000), ref: 005085E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 005085F8
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0050FC38,?), ref: 00508611
• GlobalFree.KERNEL32(00000000), ref: 00508621
• GetObjectW.GDI32(?,00000018,000000FF), ref: 00508641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00508671
• DeleteObject.GDI32(00000000), ref: 00508699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 005086AF
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3840717409-0
                                                                                                                                                                                                                                                    • Opcode ID: e42488399fc65ed3a5061977f41b8e8c6e54b932425e48419c6946cb0b4adde3
                                                                                                                                                                                                                                                    • Instruction ID: 9d1fc444eef6130c0c8f3aa18d74e5d0159b04d7e272075b5125e044151ace6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e42488399fc65ed3a5061977f41b8e8c6e54b932425e48419c6946cb0b4adde3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1413975600204BFDB119FA5CC88EAE7FB8FF9A711F108158F945E72A0DB319905DB20
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 004E1502
                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 004E150B
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004E1517
                                                                                                                                                                                                                                                    • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 004E15FB
                                                                                                                                                                                                                                                    • VarR8FromDec.OLEAUT32(?,?), ref: 004E1657
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 004E1708
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 004E178C
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004E17D8
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004E17E7
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 004E1823
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                    • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                    • Opcode ID: 84f6720f9f1e4685174d161d78eeeb8c2e56468f21c77ce2a3e383c372041e35
                                                                                                                                                                                                                                                    • Instruction ID: 231bf8bb931fd873d2c841c23a26e62927faefd33999ac02a92be7bbfd396c1f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84f6720f9f1e4685174d161d78eeeb8c2e56468f21c77ce2a3e383c372041e35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30D14671640140EBDB00AF67D884BBEB7B1BF45702F10855BF806AB2A4DB38DC46DB5A
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,004FB6AE,?,?), ref: 004FC9B5
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FC9F1
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA68
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA9E
                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004FB6F4
                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004FB772
                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 004FB80A
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004FB87E
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004FB89C
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004FB8F2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 004FB904
                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 004FB922
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 004FB983
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004FB994
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                    • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                    • Opcode ID: 4b3ae5d53d6ea41ee46d09f180d8ab7bd3a3d6b0720ee5cd3986ce6b958ebe9f
                                                                                                                                                                                                                                                    • Instruction ID: 5eb18f29bd562c6d59b1a8640e9b66dfc6614d18af47fe0cd1e8aa4a1f1ceb51
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b3ae5d53d6ea41ee46d09f180d8ab7bd3a3d6b0720ee5cd3986ce6b958ebe9f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74C19D70204205AFD710DF25C494F2ABBE1FF85308F14855EE69A8B3A2CB79EC45CB86
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004F25D8
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004F25E8
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 004F25F4
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 004F2601
                                                                                                                                                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 004F266D
                                                                                                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 004F26AC
                                                                                                                                                                                                                                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 004F26D0
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 004F26D8
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004F26E1
                                                                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 004F26E8
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 004F26F3
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: 76f3de96c0767305767c5e8465ddb7e8789eb092ca0d50571672674ba4f63c42
• Instruction ID: cd9ba32a36be859a1750890e6b6dde178e25a6bfa40dbc10284d5c15d13c3ead
• Opcode Fuzzy Hash: 76f3de96c0767305767c5e8465ddb7e8789eb092ca0d50571672674ba4f63c42
• Instruction Fuzzy Hash: 2E611275D00219EFCF04CFA8C984AAEBBF5FF48310F20852AEA55A7250D774A951DF54
APIs
• ___free_lconv_mon.LIBCMT ref: 004ADAA1
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD659
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD66B
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD67D
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD68F
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD6A1
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD6B3
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD6C5
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD6D7
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD6E9
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD6FB
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD70D
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD71F
  • Part of subcall function 004AD63C: _free.LIBCMT ref: 004AD731
• _free.LIBCMT ref: 004ADA96
  • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000), ref: 004A29DE
  • Part of subcall function 004A29C8: GetLastError.KERNEL32(00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000,00000000), ref: 004A29F0
• _free.LIBCMT ref: 004ADAB8
• _free.LIBCMT ref: 004ADACD
• _free.LIBCMT ref: 004ADAD8
• _free.LIBCMT ref: 004ADAFA
• _free.LIBCMT ref: 004ADB0D
• _free.LIBCMT ref: 004ADB1B
• _free.LIBCMT ref: 004ADB26
• _free.LIBCMT ref: 004ADB5E
• _free.LIBCMT ref: 004ADB65
• _free.LIBCMT ref: 004ADB82
• _free.LIBCMT ref: 004ADB9A
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: d99a42ded5728c890b254b7a085583f5d9d0a31f03fc4e88e74877cb7065cc3c
• Instruction ID: 8bcc1cf469d3d6678b3ecaf900a805fa72c790d667b98587ffea29cd35a15ac0
• Opcode Fuzzy Hash: d99a42ded5728c890b254b7a085583f5d9d0a31f03fc4e88e74877cb7065cc3c
• Instruction Fuzzy Hash: 5F317EB1A042049FDB21AA3AE945B5B77E8FF22714F10442FE04AD7691DA78AC40D729
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 004D369C
• _wcslen.LIBCMT ref: 004D36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 004D3797
• GetClassNameW.USER32(?,?,00000400), ref: 004D380C
• GetDlgCtrlID.USER32(?), ref: 004D385D
• GetWindowRect.USER32(?,?), ref: 004D3882
• GetParent.USER32(?), ref: 004D38A0
• ScreenToClient.USER32(00000000), ref: 004D38A7
• GetClassNameW.USER32(?,?,00000100), ref: 004D3921
• GetWindowTextW.USER32(?,?,00000400), ref: 004D395D
Strings
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 91a988fecef5eb959c01ed2f7c86db8eb23455b0a41f0349c1d177aa2a52c028
• Instruction ID: 79e6f4b7ccfcac6704a45b02b0ee3c576a3e444272897bdcf78867207f9f6dc6
• Opcode Fuzzy Hash: 91a988fecef5eb959c01ed2f7c86db8eb23455b0a41f0349c1d177aa2a52c028
• Instruction Fuzzy Hash: C891E871200606AFD715DF24C8A4BABF7A8FF44345F00862BF999C2390D734EA45CB96
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 004D4994
• GetWindowTextW.USER32(?,?,00000400), ref: 004D49DA
• _wcslen.LIBCMT ref: 004D49EB
• CharUpperBuffW.USER32(?,00000000), ref: 004D49F7
• _wcsstr.LIBVCRUNTIME ref: 004D4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 004D4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 004D4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 004D4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 004D4B20
• GetWindowRect.USER32(?,?), ref: 004D4B8B
Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                    • String ID: ThumbnailClass
                                                                                                                                                                                                                                                    • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                    • Opcode ID: e4448ec8775f45b3ad1678327c5f68d1acce5c282d6756fe8f43c578b0a3b4dc
                                                                                                                                                                                                                                                    • Instruction ID: c604dc0e25c230f74a34c3413f50fed0335a62283499dad7247dbc86a13babd2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4448ec8775f45b3ad1678327c5f68d1acce5c282d6756fe8f43c578b0a3b4dc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C391EC311042059FDB04CF14C9A5BAB7BA8FF94304F04846BFD859A396DB38ED49CBA9
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00541990,000000FF,00000000,00000030), ref: 004DBFAC
                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(00541990,00000004,00000000,00000030), ref: 004DBFE1
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 004DBFF3
                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 004DC039
                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 004DC056
                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 004DC082
                                                                                                                                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 004DC0C9
                                                                                                                                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 004DC10F
                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004DC124
                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004DC145
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: 58bf4dc076b454a4207c686a6fbf35c40d5082df0b547b1b619a20c1ef0aa3ab
                                                                                                                                                                                                                                                    • Instruction ID: ebef57341d1e1b8075db9dc380da7f2ca74cfc21e154065f785663a42e4f6c34
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58bf4dc076b454a4207c686a6fbf35c40d5082df0b547b1b619a20c1ef0aa3ab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2618170900256AFDF21CFA4DD98AEF7BB8EB06348F10415BE801A3391C739AD45DB65
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 004FCC64
                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 004FCC8D
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 004FCD48
                                                                                                                                                                                                                                                      • Part of subcall function 004FCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 004FCCAA
                                                                                                                                                                                                                                                      • Part of subcall function 004FCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 004FCCBD
                                                                                                                                                                                                                                                      • Part of subcall function 004FCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 004FCCCF
                                                                                                                                                                                                                                                      • Part of subcall function 004FCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 004FCD05
                                                                                                                                                                                                                                                      • Part of subcall function 004FCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 004FCD28
                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 004FCCF3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                    • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                    • Opcode ID: a985b9f087b6cb1eebcbb203204f643569f84dafd1681498efa992f840980b7a
                                                                                                                                                                                                                                                    • Instruction ID: fb5f38a13a8c7777e62b36b98b3826085446634a4e06c449f2ad1223f8bf5689
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a985b9f087b6cb1eebcbb203204f643569f84dafd1681498efa992f840980b7a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1831617190112DBBD7208B55DDC8EFFBF7CEF56750F000166BA06E6240D7389A49EAA4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 004E3D40
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004E3D6D
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 004E3D9D
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 004E3DBE
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 004E3DCE
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 004E3E55
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004E3E60
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004E3E6B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                    • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                    • Opcode ID: d75752ed7dc9370a498a6613630177083ddb62322a81cdbef708af4c92164aeb
                                                                                                                                                                                                                                                    • Instruction ID: f75be7e5ffc6f95daad8cf1bb0da652a1a09f95c0eda94485274543178b770ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d75752ed7dc9370a498a6613630177083ddb62322a81cdbef708af4c92164aeb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC31C371900149ABDB219FA1DC48FEF3BBCEF89706F1041BAF505D2160E77897488B28
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • timeGetTime.WINMM ref: 004DE6B4
                                                                                                                                                                                                                                                      • Part of subcall function 0048E551: timeGetTime.WINMM(?,?,004DE6D4), ref: 0048E555
• Sleep.KERNEL32(0000000A), ref: 004DE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 004DE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 004DE727
• SetActiveWindow.USER32 ref: 004DE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 004DE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 004DE773
• Sleep.KERNEL32(000000FA), ref: 004DE77E
• IsWindow.USER32 ref: 004DE78A
• EndDialog.USER32(00000000), ref: 004DE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: ec76b7a9553bca79ae0fb52b81dc13c0def1b53fe0e9e8ea5a794e7d7b7c189a
• Instruction ID: 60948170447ccfdb464e93228cefa8712d59fe25894b71265df4fea13365ec46
• Opcode Fuzzy Hash: ec76b7a9553bca79ae0fb52b81dc13c0def1b53fe0e9e8ea5a794e7d7b7c189a
• Instruction Fuzzy Hash: 93215078200214AFEB106F66EC99A7A3F69E77634DF50052BF405853A1DF65AC08BA29
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 004DEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 004DEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004DEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 004DEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 004DEAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 7b97ccafb54cdce63d1227ba11205d184e6d52b997b764205d948e8f40836443
• Instruction ID: cb7439f93cd6f87b44cfaa31a6b27f73b5bdbad41f2e6f873726d038582594e9
• Opcode Fuzzy Hash: 7b97ccafb54cdce63d1227ba11205d184e6d52b997b764205d948e8f40836443
• Instruction Fuzzy Hash: 54114F61A9021A79D720B7A2DC5AEFF6F7CFBD1B04F00442F7815A61D1EA740905C5B4
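The two function records above are easier to triage once the raw argument values are decoded: in the record at 004DE6E1..004DE79B the sample locates a BUTTON child window (FindWindowExW), sends it message 0xF5 (BM_CLICK) and then 0x10 (WM_CLOSE) before calling EndDialog, which is a dialog auto-dismiss sequence; the record at 004DEA5D..004DEAA7 drives the MCI "open ... alias PlayMe / play PlayMe wait / status PlayMe mode / close PlayMe" command strings. The following parser is an added example for this report, not Joe Sandbox tooling: it reads lines in the shape of the "APIs" listings on this page, splits them into API, module, recovered arguments and reference address, and annotates the Win32 and MCI constants that appear here (message numbers from winuser.h, IDOK/IDCANCEL dialog IDs, COLOR_BTNFACE). The sample listing embedded in the block is copied from the records above; everything else is the example's own assumption.

```python
"""Parse Joe Sandbox 'APIs' listing lines and annotate the Win32/MCI
constants they carry. Added example for this report; not Joe Sandbox code."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: lines copied in the exact shape of the listings above.
SAMPLE_LISTING = """\
• Sleep.KERNEL32(0000000A), ref: 004DE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 004DE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 004DE727
• SetActiveWindow.USER32 ref: 004DE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 004DE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 004DE773
• Sleep.KERNEL32(000000FA), ref: 004DE77E
• EndDialog.USER32(00000000), ref: 004DE79B
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 004DEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 004DEA73
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 004DEA96
• GetDlgItem.USER32(?,00000001), ref: 004D5CE2
• GetSysColor.USER32(0000000F), ref: 00489862
"""

# Values from winuser.h.
WINDOW_MESSAGES = {0x000C: "WM_SETTEXT", 0x000D: "WM_GETTEXT", 0x0010: "WM_CLOSE",
                   0x00F5: "BM_CLICK", 0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP",
                   0x0102: "WM_CHAR", 0x0111: "WM_COMMAND"}
DIALOG_IDS = {1: "IDOK", 2: "IDCANCEL", 3: "IDABORT", 4: "IDRETRY",
              5: "IDIGNORE", 6: "IDYES", 7: "IDNO"}
SYS_COLORS = {15: "COLOR_BTNFACE"}

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"          # parens are absent when no args were recovered
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int
    subcall_of: Optional[int] = None
    notes: list[str] = field(default_factory=list)


def _hex_arg(arg: str) -> Optional[int]:
    """Recovered integer args print as 8 hex digits; '?' means not recovered."""
    return int(arg, 16) if re.fullmatch(r"-?[0-9A-Fa-f]{8}", arg) else None


def _annotate(c: ApiCall) -> None:
    if c.api == "SendMessageW":
        if len(c.args) == 4:
            msg = _hex_arg(c.args[1])
            if msg in WINDOW_MESSAGES:
                c.notes.append("uMsg=" + WINDOW_MESSAGES[msg])
        else:
            # Fewer than SendMessageW's 4 args were recovered and the listing does
            # not say which were dropped, so a match is only tentative.
            for a in c.args:
                v = _hex_arg(a)
                if v in WINDOW_MESSAGES:
                    c.notes.append(WINDOW_MESSAGES[v] + " among args (position uncertain)")
    elif c.api == "FindWindowExW" and len(c.args) == 4 and c.args[2] != "?" and _hex_arg(c.args[2]) is None:
        c.notes.append("lpszClass=" + c.args[2])       # third arg is the window class string
    elif c.api == "mciSendStringW" and c.args and c.args[0] != "?":
        tokens = c.args[0].split()
        if "alias" in tokens:                           # "open <file> alias X" names it after 'alias'
            i = tokens.index("alias")
            alias = tokens[i + 1] if i + 1 < len(tokens) else "?"
        else:                                           # "play X", "status X mode", "close X"
            alias = tokens[1] if len(tokens) > 1 else "?"
        c.notes.append(f"MCI {tokens[0]} alias={alias}")
    elif c.api == "Sleep" and c.args:
        ms = _hex_arg(c.args[0])
        if ms is not None:
            c.notes.append(f"{ms} ms")
    elif c.api == "GetDlgItem" and len(c.args) == 2:
        cid = _hex_arg(c.args[1])
        if cid in DIALOG_IDS:
            c.notes.append("nIDDlgItem=" + DIALOG_IDS[cid])
    elif c.api == "GetSysColor" and c.args:
        idx = _hex_arg(c.args[0])
        if idx in SYS_COLORS:
            c.notes.append("nIndex=" + SYS_COLORS[idx])


def parse_api_lines(text: str) -> list[ApiCall]:
    calls: list[ApiCall] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # "APIs"/"Strings" headers and other non-call lines
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        call = ApiCall(m["api"], m["module"], args, int(m["ref"], 16),
                       int(m["sub"], 16) if m["sub"] else None)
        _annotate(call)
        calls.append(call)
    return calls


def summarize(calls: list[ApiCall]) -> list[str]:
    """One line per call: ref, API and decoded constants, for quick triage."""
    return [f"{c.ref:08X} {c.api}.{c.module} " + ("; ".join(c.notes) or "-") for c in calls]


if __name__ == "__main__":
    for line in summarize(parse_api_lines(SAMPLE_LISTING)):
        print(line)
```

The three-argument SendMessageW at 004DE773 is deliberately reported as "position uncertain": the listing shows one fewer argument than the API takes and does not say which one was not recovered, so the decoder should not assert that 0x10 is the uMsg parameter even though WM_CLOSE is the obvious reading.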
APIs
• GetDlgItem.USER32(?,00000001), ref: 004D5CE2
• GetWindowRect.USER32(00000000,?), ref: 004D5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 004D5D59
• GetDlgItem.USER32(?,00000002), ref: 004D5D69
• GetWindowRect.USER32(00000000,?), ref: 004D5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 004D5DCF
• GetDlgItem.USER32(?,000003E9), ref: 004D5DDD
• GetWindowRect.USER32(00000000,?), ref: 004D5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 004D5E31
• GetDlgItem.USER32(?,000003EA), ref: 004D5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 004D5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 004D5E67
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 99cd97dabf8c83074d6b128583c1c59d75fe7ac6a3dd23f1a175947db01912c0
• Instruction ID: 37bb28a0bd7869b097510ef5dda56bc15b1ac48c6ca2a2469113bbef59bc4849
• Opcode Fuzzy Hash: 99cd97dabf8c83074d6b128583c1c59d75fe7ac6a3dd23f1a175947db01912c0
• Instruction Fuzzy Hash: 15511F70A00605AFDF18DF68DD99AAE7BB5EB58300F10822AF515E6390DB749E04CB60
APIs
  • Part of subcall function 00488F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00488BE8,?,00000000,?,?,?,?,00488BBA,00000000,?), ref: 00488FC5
• DestroyWindow.USER32(?), ref: 00488C81
• KillTimer.USER32(00000000,?,?,?,?,00488BBA,00000000,?), ref: 00488D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 004C6973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00488BBA,00000000,?), ref: 004C69A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00488BBA,00000000,?), ref: 004C69B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00488BBA,00000000), ref: 004C69D4
• DeleteObject.GDI32(00000000), ref: 004C69E6
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: ee275727a17da8cde1744f82b7305aedba534381f8a16148bca4d615c7e26f8a
• Instruction ID: e08aa27f77922815744baa3b4873b2c37fe58a537475e71982edde520f98869b
• Opcode Fuzzy Hash: ee275727a17da8cde1744f82b7305aedba534381f8a16148bca4d615c7e26f8a
• Instruction Fuzzy Hash: 6261AE34101A00DFDB21AF14D948B6E7BF1FB62316F54891EE042966A4CB39A8C5EF59
APIs
  • Part of subcall function 00489944: GetWindowLongW.USER32(?,000000EB), ref: 00489952
• GetSysColor.USER32(0000000F), ref: 00489862
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ColorLongWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 259745315-0
                                                                                                                                                                                                                                                    • Opcode ID: a4dafe7f8b0ca14ef168ba95fda90d6d8ba1513eeb199aec4a4939de7aa690bb
                                                                                                                                                                                                                                                    • Instruction ID: 28271ad5248274286f59a41cdea68bd0b1d2def244555b4844cb04005734441c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4dafe7f8b0ca14ef168ba95fda90d6d8ba1513eeb199aec4a4939de7aa690bb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6241A435104A40AFDB207F389C84BBE3B65AB17334F184A5AF9A2872E1D7359C46DB15
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID: .I
• API String ID: 0-2795939834
• Opcode ID: 94a034404240fac9002b9eb9d90ba1c618891663f9ffb51f85c891f30d741215
• Instruction ID: 8d06f49f5e4ec4873b73a43fdf828960e1a017e99eb3d7e506ae9dd7ad819c0e
• Opcode Fuzzy Hash: 94a034404240fac9002b9eb9d90ba1c618891663f9ffb51f85c891f30d741215
• Instruction Fuzzy Hash: A6C1E574908249AFDF11DFA9C841BAEBFB0AF2B314F1440AAF51497392C7398D45CB69
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,004BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 004D9717
• LoadStringW.USER32(00000000,?,004BF7F8,00000001), ref: 004D9720
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,004BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 004D9742
• LoadStringW.USER32(00000000,?,004BF7F8,00000001), ref: 004D9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 004D9866
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 216a21f28e147314f66d6f6c5b160d65ec3b4df15b156161b50cdc24319841e9
• Instruction ID: cb0ba5a198e69b60d01572507ce76875193b322f4555b3d1fee6174a6738527e
• Opcode Fuzzy Hash: 216a21f28e147314f66d6f6c5b160d65ec3b4df15b156161b50cdc24319841e9
• Instruction Fuzzy Hash: 74417172800209AACF04FBE1CD92DEE7778AF15744F10442BF609B2192EB396F48DB65
APIs
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004D07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004D07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 004D07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 004D0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 004D082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 004D0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 004D083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 510a04de1a74e6b803f4516f8661ed606c87cf5b000c296cf92b9601cc50d99f
• Instruction ID: 89c2308df8b05cf4ba05f9ad9875c7a289df577bdcfccff5d96f9be5c6c0b984
• Opcode Fuzzy Hash: 510a04de1a74e6b803f4516f8661ed606c87cf5b000c296cf92b9601cc50d99f
• Instruction Fuzzy Hash: 70413B72C10228ABCF11EFA4DC95DEEB778BF54344F05812AF905A32A1EB345E18DB94
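The record above lists, for one function, the ordered chain WNetAddConnection2W, RegConnectRegistryW with 80000002 (HKEY_LOCAL_MACHINE), RegOpenKeyExW with 00020019 (KEY_READ) under SOFTWARE\Classes\, RegQueryValueExW and CLSIDFromString, next to the strings \CLSID and \IPC$. Read together, that is the generic way to resolve a COM ProgID to its CLSID through another host's registry: map \\host\IPC$, open the remote HKLM, read SOFTWARE\Classes\<ProgID>\CLSID, parse the GUID. In a report of this length it is easier to parse the per-function records and search the API chains than to read them by hand. The following Python is an added example written for this page; it is not code from the Joe Sandbox report or from Joe Security. It embeds a constructed excerpt copied from two records on this page, parses the APIs and Similarity sections in the bullet layout the report uses, and flags functions whose API chain contains the lookup sequence in order together with the \IPC$ string. The section names and line shapes come from the page; the name REMOTE_CLSID_LOOKUP and the matching rule are assumptions of the example, not a Joe Sandbox signature.

```python
"""Parse Joe Sandbox per-function blocks (APIs / Strings / Similarity) from
extracted report text and search the ordered API chains.

Added example for this page; not code from the Joe Sandbox report or from
Joe Security. The record layout is copied from the report; the matching
rule below (REMOTE_CLSID_LOOKUP) is an assumption of the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt: two function records copied from the report blocks
# on this page, in the report's own bullet layout.
SAMPLE_REPORT = """
APIs
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004D07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004D07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\\Classes\\), ref: 004D07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\\Classes\\), ref: 004D0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\\Classes\\), ref: 004D082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\\Classes\\), ref: 004D0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\\Classes\\), ref: 004D083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\\Classes\\$\\CLSID$\\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 510a04de1a74e6b803f4516f8661ed606c87cf5b000c296cf92b9601cc50d99f
APIs
  • Part of subcall function 00489944: GetWindowLongW.USER32(?,000000EB), ref: 00489952
• GetSysColor.USER32(0000000F), ref: 00489862
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: a4dafe7f8b0ca14ef168ba95fda90d6d8ba1513eeb199aec4a4939de7aa690bb
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}

# "• Api.MODULE(arg,arg), ref: ADDR" with an optional subcall prefix and
# optional argument list (e.g. "_wcslen.LIBCMT ref: 00479CBD" has none).
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# "• Key: value" lines of the Similarity section (value may be empty).
KV_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s?(?P<value>.*)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int          # address of the call site
    subcall: bool     # annotated as part of a called function, not this one


@dataclass
class Function:
    apis: list[ApiCall] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)


def parse_report(text: str) -> list[Function]:
    """Split extracted report text into per-function records."""
    functions: list[Function] = []
    cur: Function | None = None
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            # A record starts at "APIs", or at "Strings" for a function with
            # no API calls; either way the previous record ended at Similarity.
            if line in ("APIs", "Strings") and (cur is None or section == "Similarity"):
                cur = Function()
                functions.append(cur)
            section = line
            continue
        if cur is None:
            continue
        if section == "APIs" and (m := API_LINE.match(line)):
            args = m["args"].split(",") if m["args"] else []
            cur.apis.append(ApiCall(m["api"], m["module"], args,
                                    int(m["ref"], 16), m["sub"] is not None))
        elif section == "Similarity" and (m := KV_LINE.match(line)):
            cur.similarity[m["key"]] = m["value"].strip()
    return functions


def api_chain(fn: Function) -> list[str]:
    """This function's own API calls in call-site address order."""
    return [c.api for c in sorted(fn.apis, key=lambda c: c.ref) if not c.subcall]


def is_subsequence(needle, haystack) -> bool:
    it = iter(haystack)
    return all(any(x == y for y in it) for x in needle)


# Assumed rule: ProgID -> CLSID lookup through a remote host's registry.
REMOTE_CLSID_LOOKUP = ("WNetAddConnection2W", "RegConnectRegistryW",
                       "RegOpenKeyExW", "RegQueryValueExW", "CLSIDFromString")


def find_remote_clsid_lookups(functions: list[Function]) -> list[Function]:
    return [fn for fn in functions
            if is_subsequence(REMOTE_CLSID_LOOKUP, api_chain(fn))
            and "\\IPC$" in fn.similarity.get("String ID", "")]


if __name__ == "__main__":
    for fn in find_remote_clsid_lookups(parse_report(SAMPLE_REPORT)):
        print(fn.similarity.get("Opcode ID"), " -> ".join(api_chain(fn)))
```

The ordered-subsequence match is deliberate: a set intersection would also fire on any function that happens to touch both MPR and the registry, while requiring the calls in call-site order keeps the rule tied to the lookup sequence the record actually shows. The Opcode ID printed for a hit can then be used to find the same function in other reports.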
APIs
• VariantInit.OLEAUT32(?), ref: 004F3C5C
• CoInitialize.OLE32(00000000), ref: 004F3C8A
• CoUninitialize.OLE32 ref: 004F3C94
• _wcslen.LIBCMT ref: 004F3D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 004F3DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 004F3ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 004F3F0E
• CoGetObject.OLE32(?,00000000,0050FB98,?), ref: 004F3F2D
• SetErrorMode.KERNEL32(00000000), ref: 004F3F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004F3FC4
• VariantClear.OLEAUT32(?), ref: 004F3FD8
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 429561992-0
                                                                                                                                                                                                                                                    • Opcode ID: 419983e233300a37cb00b114e0b15440d703cb4dc2a8879541e7e8d198e3ac6a
                                                                                                                                                                                                                                                    • Instruction ID: df70f6bde922c8cebc84f31cb1ab7bb476de2d0223e7705ec339e3770b3dcb2c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 419983e233300a37cb00b114e0b15440d703cb4dc2a8879541e7e8d198e3ac6a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49C168716083099FC700DF69C88492BBBE9FF89749F10491EFA8A9B250D734EE05CB56
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 004E7AF3
                                                                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 004E7B8F
                                                                                                                                                                                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 004E7BA3
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0050FD08,00000000,00000001,00536E6C,?), ref: 004E7BEF
                                                                                                                                                                                                                                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 004E7C74
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 004E7CCC
                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 004E7D57
                                                                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 004E7D7A
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004E7D81
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004E7DD6
                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 004E7DDC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2762341140-0
                                                                                                                                                                                                                                                    • Opcode ID: a8333a6d67caf4d7201dfcf1f461ee4e778dc8e57e45cc5b310dddaf486217ac
                                                                                                                                                                                                                                                    • Instruction ID: fd286c78b8914a6557bcdb9de8fbcdd8b4feac15e727443e278fc1465df6b994
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8333a6d67caf4d7201dfcf1f461ee4e778dc8e57e45cc5b310dddaf486217ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72C16A74A00109AFCB10DFA5C884DAEBBF9FF48319B148199E80ADB361D734EE45CB94
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00505504
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00505515
                                                                                                                                                                                                                                                    • CharNextW.USER32(00000158), ref: 00505544
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00505585
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0050559B
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005055AC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1350042424-0
                                                                                                                                                                                                                                                    • Opcode ID: 6a50fac59d02d4e8ea83fc0d7458e2c3efe39eb82a7538f603bb234a7f44a98d
                                                                                                                                                                                                                                                    • Instruction ID: 03b8f9cb1ee66a58b7a84a45fda66f58033bac3c44138971370e2fb7d362b5ee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a50fac59d02d4e8ea83fc0d7458e2c3efe39eb82a7538f603bb234a7f44a98d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1618B34900609ABDF218F54CC84AFF7FB9FB0A324F144945F925AA2D0E7759A85DF60
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 004CFAAF
                                                                                                                                                                                                                                                    • SafeArrayAllocData.OLEAUT32(?), ref: 004CFB08
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 004CFB1A
                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 004CFB3A
                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 004CFB8D
                                                                                                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 004CFBA1
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004CFBB6
                                                                                                                                                                                                                                                    • SafeArrayDestroyData.OLEAUT32(?), ref: 004CFBC3
                                                                                                                                                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 004CFBCC
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004CFBDE
                                                                                                                                                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 004CFBE9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2706829360-0
                                                                                                                                                                                                                                                    • Opcode ID: 03f5f51c4b99e72816de5c461ef1fedf8681e61b92bf4c189a52b935dd80e9f5
                                                                                                                                                                                                                                                    • Instruction ID: cb68885cb475478dee97ba32925d7913c6c995ab0f95e38c0438e5faa53c9733
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03f5f51c4b99e72816de5c461ef1fedf8681e61b92bf4c189a52b935dd80e9f5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B415035A002199FCF00DF65C854EEEBFB9FF58345F00816AE945A7261D738AD49CB94
                                                                                                                                                                                                                                                    APIs
• GetKeyboardState.USER32(?), ref: 004D9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 004D9D22
• GetKeyState.USER32(000000A0), ref: 004D9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 004D9D57
• GetKeyState.USER32(000000A1), ref: 004D9D6C
• GetAsyncKeyState.USER32(00000011), ref: 004D9D84
• GetKeyState.USER32(00000011), ref: 004D9D96
• GetAsyncKeyState.USER32(00000012), ref: 004D9DAE
• GetKeyState.USER32(00000012), ref: 004D9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 004D9DD8
• GetKeyState.USER32(0000005B), ref: 004D9DEA
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: cac9a6f231c87af8eaa0f4fee609511947da1931188cbb50213896e196e2d8ff
• Instruction ID: 5501ee427c5f5b2f2f69379e1eaa7925b227983980f383346f2331add0290760
• Opcode Fuzzy Hash: cac9a6f231c87af8eaa0f4fee609511947da1931188cbb50213896e196e2d8ff
• Instruction Fuzzy Hash: 6341DA345047C969FF30976488243B7BEA16B22344F08405BD6C6D77C1D7AD5DC8C796
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 004F05BC
• inet_addr.WSOCK32(?), ref: 004F061C
• gethostbyname.WSOCK32(?), ref: 004F0628
• IcmpCreateFile.IPHLPAPI ref: 004F0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 004F06C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 004F06E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 004F07B9
• WSACleanup.WSOCK32 ref: 004F07BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: f9761e20adaffed116222ccad9fd601618bc7a6558dfa7dce0fa349446ee4e15
• Instruction ID: cc07a0585999901c2abfa12761c169b890a47543d52f00de6407118e5dd7f7a1
• Opcode Fuzzy Hash: f9761e20adaffed116222ccad9fd601618bc7a6558dfa7dce0fa349446ee4e15
• Instruction Fuzzy Hash: 8A918E75504201AFD720DF15C488F2ABBE0AF84318F1485AAF5698B7A2C778EC45CF95
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 732c12014d3f5b9eb8073d4acb195d6cf47ed5378f08de8cb319978d4c7ef084
• Instruction ID: 7b1a21a229020a6240cf5c9ccbf72605ebddd8247a1a1fac4074b1946b1272cd
• Opcode Fuzzy Hash: 732c12014d3f5b9eb8073d4acb195d6cf47ed5378f08de8cb319978d4c7ef084
• Instruction Fuzzy Hash: 2151C472A0051A9BCF14DF68C9518BEB7A5BF64314B21422FE615EB3C4DB38DD41C794
APIs
• CoInitialize.OLE32 ref: 004F3774
• CoUninitialize.OLE32 ref: 004F377F
• CoCreateInstance.OLE32(?,00000000,00000017,0050FB78,?), ref: 004F37D9
• IIDFromString.OLE32(?,?), ref: 004F384C
• VariantInit.OLEAUT32(?), ref: 004F38E4
• VariantClear.OLEAUT32(?), ref: 004F3936
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: c83cf350302b701627bb0ee3a94604ca265990447783ecaf732564a802439847
• Instruction ID: e95eb94d7ecfd40c765ad44b4901ed9885efcb0f27dba20a536f0a7cd15c6e81
• Opcode Fuzzy Hash: c83cf350302b701627bb0ee3a94604ca265990447783ecaf732564a802439847
• Instruction Fuzzy Hash: 6B61BEB0608305AFD310EF55C848B6ABBE4EF49745F10490EFA8597391C778EE49CB9A
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 004E33CF
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 004E33F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                    • Opcode ID: bdab477eca97992a97dddb2bc9365b99ed6d0a2ae03180ddda1c353525213ad1
                                                                                                                                                                                                                                                    • Instruction ID: aec2a1209eb654e5ce440a5778f6be2f731c7a157a2f5b42688efa9b7757028d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdab477eca97992a97dddb2bc9365b99ed6d0a2ae03180ddda1c353525213ad1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9851C271800109BADF15EFA1CD46DEEB778AF14349F10846AF40973192EB392F58DB69
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 701d63af861a0a6eb9da1570dd7c15d2f90b17adcb80d1381d5b9f546ef99e69
• Instruction ID: e61e5be0457cadfd3682b81f3bcbc53e25c58e75c8f22393257bba7bc86b8303
• Opcode Fuzzy Hash: 701d63af861a0a6eb9da1570dd7c15d2f90b17adcb80d1381d5b9f546ef99e69
• Instruction Fuzzy Hash: FF41C532A00126DBCB105F7DC8A05BF7BA5EBA1758B26412BE461D7384E739CD82C7D5
APIs
• SetErrorMode.KERNEL32(00000001), ref: 004E53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 004E5416
• GetLastError.KERNEL32 ref: 004E5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 004E54A7
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 6677f2660d5592f1e5a3ef83d9471fa76ad605a372d9be1f6977aaf6433ecf51
• Instruction ID: 8a8c64694e2559942514c5dce31d26d53635b97fe3da6b8135dc5033fe76a774
• Opcode Fuzzy Hash: 6677f2660d5592f1e5a3ef83d9471fa76ad605a372d9be1f6977aaf6433ecf51
• Instruction Fuzzy Hash: 5631CE35A00245AFC710DF6AC484BAABBF4FF4530AF14806AE405CB392D778DD86CB91
APIs
• CreateMenu.USER32 ref: 00503C79
• SetMenu.USER32(?,00000000), ref: 00503C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00503D10
• IsMenu.USER32(?), ref: 00503D24
• CreatePopupMenu.USER32 ref: 00503D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00503D5B
• DrawMenuBar.USER32 ref: 00503D63
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 965d34b37d5b318577c1866a5cae57fd292ac2af151b9293ccb4b1685462d3a9
• Instruction ID: 5ef4004b6c72c2e1d4d3d8e421d8ad4fd6c0132f2491a98324b4c5d1e439554b
• Opcode Fuzzy Hash: 965d34b37d5b318577c1866a5cae57fd292ac2af151b9293ccb4b1685462d3a9
• Instruction Fuzzy Hash: C6418879A01209AFDB14CF64D984AEE7FB9FF5A340F140129E906A73A0D730AA14DB94
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 004D1F64
• GetDlgCtrlID.USER32 ref: 004D1F6F
• GetParent.USER32 ref: 004D1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004D1F8E
• GetDlgCtrlID.USER32(?), ref: 004D1F97
• GetParent.USER32(?), ref: 004D1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004D1FAE
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: ee82fb8f3e5269767bbf89ffc1e8b512024449c129a1d08fda5a3314185f7bcb
• Instruction ID: 659b3ec769d4ecce9f3f0b775e0c4701beb7033d5c18a86b87919e66bd18e677
• Opcode Fuzzy Hash: ee82fb8f3e5269767bbf89ffc1e8b512024449c129a1d08fda5a3314185f7bcb
• Instruction Fuzzy Hash: 7121D371A00114BBCF10AFA4CC55DEEBBB8EF16344F00420BB955673A1DB3949099B64
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00503A9D
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00503AA0
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00503AC7
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00503AEA
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00503B62
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00503BAC
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00503BC7
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00503BE2
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00503BF6
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00503C13
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 312131281-0
                                                                                                                                                                                                                                                    • Opcode ID: f154fa514eb7c7daf77c1a046106e35d118ae4b2df428747cdbeda2c8337cccf
                                                                                                                                                                                                                                                    • Instruction ID: e0f42a350b4f5db841a6f98ec1cb4ceccf77ef2f434e76f0767586cf511eb2ad
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f154fa514eb7c7daf77c1a046106e35d118ae4b2df428747cdbeda2c8337cccf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A616775900208AFDB10DFA8CC81EEE7BB8FB49304F100199FA05AB2E1D774AE85DB50
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 004DB151
                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB165
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 004DB16C
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB17B
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 004DB18D
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB1A6
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB1B8
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB1FD
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB212
                                                                                                                                                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,004DA1E1,?,00000001), ref: 004DB21D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2156557900-0
                                                                                                                                                                                                                                                    • Opcode ID: 0e07859a5d18fb15535f36528d808faff8ede0682c482631e825e782d06c1f10
                                                                                                                                                                                                                                                    • Instruction ID: 9ddcee4f918bfa09e9111bfe7fdf062c211fbe8b42f8813e8c3d2e78afe76c43
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e07859a5d18fb15535f36528d808faff8ede0682c482631e825e782d06c1f10
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B31A276500204EFDB209F64EC9CBAE7BB9EB62355F114247F904D6360D77899089FA8
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2C94
                                                                                                                                                                                                                                                      • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000), ref: 004A29DE
                                                                                                                                                                                                                                                      • Part of subcall function 004A29C8: GetLastError.KERNEL32(00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000,00000000), ref: 004A29F0
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CA0
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CAB
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CB6
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CC1
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CCC
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CD7
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CE2
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CED
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A2CFB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: e8477cdc6283ffb0f5b086e9da9b593d16da4714754d45d8eaf8ad1d2ac9c300
                                                                                                                                                                                                                                                    • Instruction ID: f2af5cc4eeff6a3b95dcd7f02548f5a6ef6b27abca0f116da0f0844d5136ddfe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8477cdc6283ffb0f5b086e9da9b593d16da4714754d45d8eaf8ad1d2ac9c300
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2112EB5200008BFCB42EF59DA42CDE3BA9FF16754F40409AFA485F232D675EE50AB55
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 004E7FAD
                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 004E7FC1
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 004E7FEB
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 004E8005
                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 004E8017
                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 004E8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 004E80B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 89d78b95132404bbc67050adcd61e81409193f946dabfcf416e669d8b97a87a9
• Instruction ID: 9a488f9ea57cfdccd1324c3e7a750770d06f23c51e9b93dba14cc0d3fd94138e
• Opcode Fuzzy Hash: 89d78b95132404bbc67050adcd61e81409193f946dabfcf416e669d8b97a87a9
• Instruction Fuzzy Hash: 3781A0715082819BCB24EF1AC4409AFB7D8FF85325F14885FF489D7250EB38DD458B5A
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00475C7A
  • Part of subcall function 00475D0A: GetClientRect.USER32(?,?), ref: 00475D30
  • Part of subcall function 00475D0A: GetWindowRect.USER32(?,?), ref: 00475D71
  • Part of subcall function 00475D0A: ScreenToClient.USER32(?,?), ref: 00475D99
• GetDC.USER32 ref: 004B46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004B4708
• SelectObject.GDI32(00000000,00000000), ref: 004B4716
• SelectObject.GDI32(00000000,00000000), ref: 004B472B
• ReleaseDC.USER32(?,00000000), ref: 004B4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 004B47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 03526eab2e89b066b97fc083dddea31494a324349c594c5662c0bc3060e718c5
• Instruction ID: 398e921942376f6d5143c7eb7c3ba8ec5bf96d90847e43866be57e49a1a25612
• Opcode Fuzzy Hash: 03526eab2e89b066b97fc083dddea31494a324349c594c5662c0bc3060e718c5
• Instruction Fuzzy Hash: C371F134400205DFCF218F64C984AFE7BB5FF8A324F14426BE9555A2A7CB398882DF65
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 004E35E4
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• LoadStringW.USER32(00542390,?,00000FFF,?), ref: 004E360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 6bb0edfc3fdbfd68764223fbb547663790a6c66ca39d572e5ed727ea0968a59d
• Instruction ID: fbd521f8846932d3df148a09b061f13a7e5862a1cee9feaecf5264827b208a07
• Opcode Fuzzy Hash: 6bb0edfc3fdbfd68764223fbb547663790a6c66ca39d572e5ed727ea0968a59d
• Instruction Fuzzy Hash: 5E51A371C00149BACF15EFA2CC46EEEBB35AF15349F04812AF50972191DB381B98DF69
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 004EC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004EC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 004EC2CA
• GetLastError.KERNEL32 ref: 004EC322
• SetEvent.KERNEL32(?), ref: 004EC336
• InternetCloseHandle.WININET(00000000), ref: 004EC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 42443c05585a38f573eea47e1fa4c10ab2fbe6db9f75744dc9338c97cbaef366
• Instruction ID: 3687c5bed014abedd19debac016ac5b65a3980429862dd6ce6465375bac2c703
• Opcode Fuzzy Hash: 42443c05585a38f573eea47e1fa4c10ab2fbe6db9f75744dc9338c97cbaef366
• Instruction Fuzzy Hash: 1431BFB1500244AFD7219F668CC8ABF7BFCEB59745B00861EF84692200DB38DD0A9B69
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,004B3AAF,?,?,Bad directive syntax error,0050CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 004D98BC
• LoadStringW.USER32(00000000,?,004B3AAF,?), ref: 004D98C3
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 004D9987
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: f23a9b341abdc00770712c1eccad9a0ed7cfbe248c8e6dc3e0f69eb324e0d3f2
• Instruction ID: 882092ebd6855f25def7e81d014c228f11ef5f9d7e3e61afc46e7bfb466e900e
• Opcode Fuzzy Hash: f23a9b341abdc00770712c1eccad9a0ed7cfbe248c8e6dc3e0f69eb324e0d3f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B216D3180021ABBCF15AF91CC16EEE7B35BF18704F04845FF519661A2EB79AA28DB15
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32 ref: 004D20AB
                                                                                                                                                                                                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 004D20C0
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 004D214D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                    • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                    • Opcode ID: 59cc4d1e1f014b39fe86a22ae7703b3e30e100f5d158f4a54edcab6e3b704a7b
                                                                                                                                                                                                                                                    • Instruction ID: ebed2c1a16d6452d0a73f37870b47274fa859cf1d338f7e8c8cd21dec392b598
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59cc4d1e1f014b39fe86a22ae7703b3e30e100f5d158f4a54edcab6e3b704a7b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7117A36284703B9FA012620DC2BCAF7B9CDF25324F20422BF705A42D1FEA95807161C
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1282221369-0
                                                                                                                                                                                                                                                    • Opcode ID: 6df3c4c9b85e4eb899e3287b55008a3f3eb4883e2f810c350dc79e017d2f8f5e
                                                                                                                                                                                                                                                    • Instruction ID: df6480ce5ad06cb5043815f83311af01ecc4dc5183dadea765987f7232426e87
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6df3c4c9b85e4eb899e3287b55008a3f3eb4883e2f810c350dc79e017d2f8f5e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 196168B2E04200AFCF21AFB998816AB7B95AF33318F14016FFA11973C1D63D9D059799
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00505186
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 005051C7
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005,?,00000000), ref: 005051CD
                                                                                                                                                                                                                                                    • SetFocus.USER32(?,?,00000005,?,00000000), ref: 005051D1
                                                                                                                                                                                                                                                      • Part of subcall function 00506FBA: DeleteObject.GDI32(00000000), ref: 00506FE6
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0050520D
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0050521A
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0050524D
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00505287
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00505296
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3210457359-0
                                                                                                                                                                                                                                                    • Opcode ID: 0fd296caf97c295abfc154165ef66bf2f9aaba9889e500f1b1d40d8fa81579e0
                                                                                                                                                                                                                                                    • Instruction ID: fd4faa6e6f9895ea99885b6c99f64e992b49a921716d5a6bb56e58a34d4e56a2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fd296caf97c295abfc154165ef66bf2f9aaba9889e500f1b1d40d8fa81579e0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68519A34A40A0AFEEF209F24CC4AB9E3F65BF05324F148516F6559A2E0E775A994EF40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 004C6890
                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 004C68A9
                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 004C68B9
                                                                                                                                                                                                                                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 004C68D1
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 004C68F2
                                                                                                                                                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00488874,00000000,00000000,00000000,000000FF,00000000), ref: 004C6901
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 004C691E
                                                                                                                                                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00488874,00000000,00000000,00000000,000000FF,00000000), ref: 004C692D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1268354404-0
                                                                                                                                                                                                                                                    • Opcode ID: 5dccd78c4c7d3e55bf308f62bb111fac5379b717c40598712e4ccaf9bda22c16
                                                                                                                                                                                                                                                    • Instruction ID: 1c83847b33f0caffe63cccb5bef84752754d5d4e8ea780b0afba964c3699b6ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5dccd78c4c7d3e55bf308f62bb111fac5379b717c40598712e4ccaf9bda22c16
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B351AB74600609AFDB20EF25CC91FAE3BB5FB98750F104A1EF902972A0DB74E981DB54
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 004EC182
• GetLastError.KERNEL32 ref: 004EC195
• SetEvent.KERNEL32(?), ref: 004EC1A9
  • Part of subcall function 004EC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 004EC272
  • Part of subcall function 004EC253: GetLastError.KERNEL32 ref: 004EC322
  • Part of subcall function 004EC253: SetEvent.KERNEL32(?), ref: 004EC336
  • Part of subcall function 004EC253: InternetCloseHandle.WININET(00000000), ref: 004EC341
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 2c01f21bc545291399558185642f0dbb067ca3fa6b4c5328b04e72ea666181a7
• Instruction ID: d17693b396e7bb9aefbfccf6ae07788bd8763f61057e3deb1fdd7709ebabee18
• Opcode Fuzzy Hash: 2c01f21bc545291399558185642f0dbb067ca3fa6b4c5328b04e72ea666181a7
• Instruction Fuzzy Hash: DB31A371500681AFDB219FA6DC84A7BBFF8FF15301B00451EFA5682611D734E816AFA5
APIs
  • Part of subcall function 004D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 004D3A57
  • Part of subcall function 004D3A3D: GetCurrentThreadId.KERNEL32 ref: 004D3A5E
  • Part of subcall function 004D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004D25B3), ref: 004D3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 004D25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 004D25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 004D25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 004D25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 004D2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 004D2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 004D260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 004D2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 004D2627
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 670bee7b74cd81af0eed5a59949d44a61d5afd9f5f92b803a5e3e5f4aff264e7
• Instruction ID: 0150fef7cce7a4cbff027ec7868004d999f773fad5bd3d5b7654d9849a13f37f
• Opcode Fuzzy Hash: 670bee7b74cd81af0eed5a59949d44a61d5afd9f5f92b803a5e3e5f4aff264e7
• Instruction Fuzzy Hash: 3901D830390210BBFB2067699C9AF593F59DB5FB12F100107F314AF1D1C9E25444DAAA
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,004D1449,?,?,00000000), ref: 004D180C
• HeapAlloc.KERNEL32(00000000,?,004D1449,?,?,00000000), ref: 004D1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,004D1449,?,?,00000000), ref: 004D1828
• GetCurrentProcess.KERNEL32(?,00000000,?,004D1449,?,?,00000000), ref: 004D1830
• DuplicateHandle.KERNEL32(00000000,?,004D1449,?,?,00000000), ref: 004D1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,004D1449,?,?,00000000), ref: 004D1843
• GetCurrentProcess.KERNEL32(004D1449,00000000,?,004D1449,?,?,00000000), ref: 004D184B
• DuplicateHandle.KERNEL32(00000000,?,004D1449,?,?,00000000), ref: 004D184E
• CreateThread.KERNEL32(00000000,00000000,004D1874,00000000,00000000,00000000), ref: 004D1868
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 9c91e2e07349d9b1d74b96572bfcce885e7586dd254ed266d4a0bb512567a7bd
• Instruction ID: 659a0c552f409d27c4c5726e0d458d2224895783a9ba4a7502ad99b76f7932e6
• Opcode Fuzzy Hash: 9c91e2e07349d9b1d74b96572bfcce885e7586dd254ed266d4a0bb512567a7bd
• Instruction Fuzzy Hash: 4301BF75240304BFE710AB65DC4DF5B3F6CEB9AB11F004511FA05DB1A1C6749804DB20
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID: }}I$}}I$}}I
• API String ID: 1036877536-3682849257
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: 98bcdcea29e83892ace0c16994e364101a8cfc5ecdede62ededdad23c043a6a2
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: DCA16671A142829FDB11CE18C8917AEBBE4EFF3354F14416FE5859B381D2BC9982C758
APIs
  • Part of subcall function 004DD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 004DD501
  • Part of subcall function 004DD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 004DD50F
  • Part of subcall function 004DD4DC: CloseHandle.KERNELBASE(00000000), ref: 004DD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 004FA16D
• GetLastError.KERNEL32 ref: 004FA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 004FA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 004FA268
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 004FA273
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004FA2C4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 4d7510c9464f0dbda935ddb7199ff7086f9af5420a350b19dbbf0d247996347f
                                                                                                                                                                                                                                                    • Instruction ID: cc2b36b1f6140859603dfe2fe81db6f417b915f566857b49bf15ad99c6f9b729
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d7510c9464f0dbda935ddb7199ff7086f9af5420a350b19dbbf0d247996347f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D361D170204201AFD320DF19C494F6ABBE1AF45318F15C48EE55A4B7A3C77AEC49CB96
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00503925
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0050393A
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00503954
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00503999
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 005039C6
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 005039F4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                    • String ID: SysListView32
                                                                                                                                                                                                                                                    • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                    • Opcode ID: dc3d90a1e7141987f4ce4a96fa21830148ca007899c76de711838c83e1bd9c4d
                                                                                                                                                                                                                                                    • Instruction ID: ea42e443844cc28d19d12ab970a048736e17221b0f5c90d170953ad875e81d0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc3d90a1e7141987f4ce4a96fa21830148ca007899c76de711838c83e1bd9c4d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE419E71A00219ABEB219F64CC49BEE7FA9FF48354F10052AF958E72C1D7719A84CB94
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004DBCFD
                                                                                                                                                                                                                                                    • IsMenu.USER32(00000000), ref: 004DBD1D
                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004DBD53
                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00F757E0), ref: 004DBDA4
                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(00F757E0,?,00000001,00000030), ref: 004DBDCC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                    • String ID: 0$2
                                                                                                                                                                                                                                                    • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                    • Opcode ID: 1312d41bdedbe2cd12aec46fcddbbd94e30cf2f482afa89fd9567897117661f7
                                                                                                                                                                                                                                                    • Instruction ID: 227980f5edd3e015beacd00e72613875d29fd9e18dde880f472333a1ab1385df
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1312d41bdedbe2cd12aec46fcddbbd94e30cf2f482afa89fd9567897117661f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D051CF70A00205DBDB21CFA9C8A4BAEBBF6FF49314F15421BE44197390D7789945CBA9
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00492D4B
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00492D53
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00492DE1
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00492E0C
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00492E61
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: &HI$csm
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1154374745
                                                                                                                                                                                                                                                    • Opcode ID: 3d0e2dda292a923afaa057d91103b1255a98bc4f91d5381e5c63c66a182b6f35
                                                                                                                                                                                                                                                    • Instruction ID: eb58f5688712ce9b81635d712a4eee87c4b8779d2927df464cc2f1df262d8542
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d0e2dda292a923afaa057d91103b1255a98bc4f91d5381e5c63c66a182b6f35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6241C434A00209ABCF10DF69C945A9FBFB5BF45318F14816AE8146B392D7B9AA05CBD4
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 004DC913
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Strings
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
APIs
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,004C682C,00000004,00000000,00000000), ref: 0048F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,004C682C,00000004,00000000,00000000), ref: 004CF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,004C682C,00000004,00000000,00000000), ref: 004CF454
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
• DeleteObject.GDI32(00000000), ref: 00502D1B
• GetDC.USER32(00000000), ref: 00502D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00502D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00502D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00502D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00502D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00505A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00502DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00502DE1
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
APIs
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _memcmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2931989736-0
                                                                                                                                                                                                                                                    • Opcode ID: ef5e5788db3a192a210bde0bfad269e1b3da109ece6c337a524415206bf88510
                                                                                                                                                                                                                                                    • Instruction ID: 26ef248973e2d723aa68f66ef03417bb864a61c04054d1d9d65be101da9256c0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef5e5788db3a192a210bde0bfad269e1b3da109ece6c337a524415206bf88510
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A218661644A09B7E62555118EA2FBF376CBF21388F540037FD085AB81FF28ED1186AD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                    • API String ID: 0-572801152
                                                                                                                                                                                                                                                    • Opcode ID: 453e7ba88e297ff969ddbe08c00b5fa8c87455ad254c33b660c0b11b58351c96
                                                                                                                                                                                                                                                    • Instruction ID: d82e0a95df156014b3178a614e2a3e730e68c9b4c837f525c62ea57dde720c05
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 453e7ba88e297ff969ddbe08c00b5fa8c87455ad254c33b660c0b11b58351c96
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2D19F71A0060EAFDF10CF98C880BBEB7B5BF48344F15816AEA15AB281D774ED45CB94
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?), ref: 004B15CE
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B1651
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B16E4
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B16FB
                                                                                                                                                                                                                                                      • Part of subcall function 004A3820: RtlAllocateHeap.NTDLL(00000000,?,00541444,?,0048FDF5,?,?,0047A976,00000010,00541440,004713FC,?,004713C6,?,00471129), ref: 004A3852
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B1777
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 004B17A2
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 004B17AE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2829977744-0
                                                                                                                                                                                                                                                    • Opcode ID: 828f64627f70bee696a95c9e9ce04167eb9f0c3635d5d58237009d712965ceeb
                                                                                                                                                                                                                                                    • Instruction ID: 5432c3b270816bba75df729e4aeff243c8b64588f502a3c79a4a8f164bcdec01
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 828f64627f70bee696a95c9e9ce04167eb9f0c3635d5d58237009d712965ceeb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B91C371E10216AADB208E64C8A1EEF7BB59F59310F98066BE801E7261DB2DDC45C778
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                    • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                    • Opcode ID: 62eeaa1ff7ffb882ccfdde795d051c1425d5e092e8bc4cfbfb178547ef821bcf
                                                                                                                                                                                                                                                    • Instruction ID: 6258b40ad36c78b22cd9eeac48cb61264ddfacfba1142dc469625db87128c1c5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62eeaa1ff7ffb882ccfdde795d051c1425d5e092e8bc4cfbfb178547ef821bcf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB91A571A00219ABDF20DFA5C844FBF7BB8EF85714F10855AF605AB280DB789945CF94
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 004E125C
                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 004E1284
                                                                                                                                                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 004E12A8
                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004E12D8
                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004E135F
                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004E13C4
                                                                                                                                                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 004E1430
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 4c3b48b95fcbd7047ca439ae0aa745f0d5c46a9c69c39b22b4b933d56580e882
• Instruction ID: 6c3a4d5d3177262f85efb6bc01ad5855b14e72525960a815275a1e84cf971376
• Opcode Fuzzy Hash: 4c3b48b95fcbd7047ca439ae0aa745f0d5c46a9c69c39b22b4b933d56580e882
• Instruction Fuzzy Hash: 9991F271A402589FDB00DF96C884BBEB7B5FF4531AF10406BEA40E73A1D778A945CB98
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 615748caf3dc9efefdd5f95f9f450c64a1f52c87567cdc65d403275c4c8a7a1b
• Instruction ID: 2a7d43aa9aa0e2082f6d6a2b308cd8dadfa9ee738d6d0cbdbc51e338223960c8
• Opcode Fuzzy Hash: 615748caf3dc9efefdd5f95f9f450c64a1f52c87567cdc65d403275c4c8a7a1b
• Instruction Fuzzy Hash: EB913771D00219EFCB10DFA9C884AEEBBB8FF49320F18454AE915B7251D378AD42CB64
APIs
• VariantInit.OLEAUT32(?), ref: 004F396B
• CharUpperBuffW.USER32(?,?), ref: 004F3A7A
• _wcslen.LIBCMT ref: 004F3A8A
• VariantClear.OLEAUT32(?), ref: 004F3C1F
  • Part of subcall function 004E0CDF: VariantInit.OLEAUT32(00000000), ref: 004E0D1F
  • Part of subcall function 004E0CDF: VariantCopy.OLEAUT32(?,?), ref: 004E0D28
  • Part of subcall function 004E0CDF: VariantClear.OLEAUT32(?), ref: 004E0D34
Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 5bb423eaf6cb9a5af627bb0f384d7c6b94bc0406504244780288c230156cac40
• Instruction ID: dcf6b410ccde5df14cf8b0bf1a04d12febe16402853a8b175173935eff742ea4
• Opcode Fuzzy Hash: 5bb423eaf6cb9a5af627bb0f384d7c6b94bc0406504244780288c230156cac40
• Instruction Fuzzy Hash: 09918A74A083059FC704EF25C49086AB7E4FF89319F14892EF98997351DB38EE05CB96
APIs
  • Part of subcall function 004D000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?,?,004D035E), ref: 004D002B
  • Part of subcall function 004D000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?), ref: 004D0046
  • Part of subcall function 004D000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?), ref: 004D0054
  • Part of subcall function 004D000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?), ref: 004D0064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 004F4C51
• _wcslen.LIBCMT ref: 004F4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 004F4DCF
• CoTaskMemFree.OLE32(?), ref: 004F4DDA
Strings
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: a55eb54dcbd39691ca709a683f5cc0c6528c1beebbd34042ebacba63b288693e
• Instruction ID: 52cb9716f624641621c040e794fea649b7ffd84bc7d9cb619138e90292c78fac
• Opcode Fuzzy Hash: a55eb54dcbd39691ca709a683f5cc0c6528c1beebbd34042ebacba63b288693e
• Instruction Fuzzy Hash: BA914871D0021DEFDF10DFA5C891AEEBBB8BF48304F10816AE919A7251DB389A45CF64
APIs
• GetMenu.USER32(?), ref: 00502183
• GetMenuItemCount.USER32(00000000), ref: 005021B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 005021DD
• _wcslen.LIBCMT ref: 00502213
• GetMenuItemID.USER32(?,?), ref: 0050224D
• GetSubMenu.USER32(?,?), ref: 0050225B
  • Part of subcall function 004D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 004D3A57
  • Part of subcall function 004D3A3D: GetCurrentThreadId.KERNEL32 ref: 004D3A5E
  • Part of subcall function 004D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004D25B3), ref: 004D3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005022E3
  • Part of subcall function 004DE97B: Sleep.KERNEL32 ref: 004DE9F3
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: 1ffeacb7259bac528cf3cdefc04e8e0ba1ddae678284f9321240cefcf4ac57d3
• Instruction ID: 506c55af1665b8036c921072835dfd8c6db91df07fced504e18e99c73e1fa9c4
• Opcode Fuzzy Hash: 1ffeacb7259bac528cf3cdefc04e8e0ba1ddae678284f9321240cefcf4ac57d3
• Instruction Fuzzy Hash: A0717175A00205AFCB10EFA5C889AAEBBF5FF89314F148459E816EB391D734ED41CB90
APIs
• IsWindow.USER32(00F757B8), ref: 00507F37
• IsWindowEnabled.USER32(00F757B8), ref: 00507F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0050801E
• SendMessageW.USER32(00F757B8,000000B0,?,?), ref: 00508051
• IsDlgButtonChecked.USER32(?,?), ref: 00508089
• GetWindowLongW.USER32(00F757B8,000000EC), ref: 005080AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 005080C3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4072528602-0
                                                                                                                                                                                                                                                    • Opcode ID: c09dd5eac44ca91407fb0999f98b3a10b8b504a33e4411315f2c2d5f0e74b107
                                                                                                                                                                                                                                                    • Instruction ID: 4c0a3e0f92452959335e3af3ff8819a9c822920b3840e42b9625514c34d182bc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c09dd5eac44ca91407fb0999f98b3a10b8b504a33e4411315f2c2d5f0e74b107
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37717E34A08249AFEB219F64C899FBE7FB9FF1A300F144459E955972E1CB31B845DB20
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 004DAEF9
                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 004DAF0E
                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 004DAF6F
                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 004DAF9D
                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 004DAFBC
                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 004DAFFD
                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 004DB020
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                    • Opcode ID: e2d5e061f9d3ead989ad1932b8f62b1045c59598ce45baea030d12d0fb4dd389
                                                                                                                                                                                                                                                    • Instruction ID: 7880daaeb974e15497b26e3eb7d386624ab7adbc1f694fe100e657cf4f63cb9c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2d5e061f9d3ead989ad1932b8f62b1045c59598ce45baea030d12d0fb4dd389
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0551E3A16043D17DFB3783348869BBB7EA99B06304F08858FE1D5456C2C39DACD8D799
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 004DAD19
                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 004DAD2E
                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 004DAD8F
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 004DADBB
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 004DADD8
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 004DAE17
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 004DAE38
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                    • Opcode ID: ee44b9de44148a1e6c3329ec67a99ab99289cd988544e4c5db816e812a594b11
                                                                                                                                                                                                                                                    • Instruction ID: f44c68ef6953eb8353fe4a44494aa175dfea7545a6bfdc1fc715d05b59aedaa5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee44b9de44148a1e6c3329ec67a99ab99289cd988544e4c5db816e812a594b11
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8651E7A15447D53DFB3283348C65B7B7F9A5B46300F08858BE1D546BC2C398ECA8E76A
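The two functions above (refs 004DAEF9 and 004DAD19) are the same routine in its key-up and key-down forms: read the keyboard state with GetKeyboardState, rewrite it with SetKeyboardState, then post WM_KEYUP (0x101) or WM_KEYDOWN (0x100) with the wParam values 0x10, 0x11, 0x12 and 0x5B, which are the Windows SDK constants VK_SHIFT, VK_CONTROL, VK_MENU (Alt) and VK_LWIN. That is the keystroke-simulation behaviour flagged in the report's signature list. The following triage helper is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses API lines in the format printed above, decodes the message and virtual-key constants, and flags any function block that shows this synthetic-modifier-key pattern. The sample input is copied from the listing above; the function and class names (parse_block, describe, synthetic_modifier_keys, ApiCall) are this example's own.

```python
"""Triage helper for the 'APIs' lines of a Joe Sandbox function listing.

Added example, not part of the report: parses lines in the report's format,
decodes the USER32 message / virtual-key constants passed to PostMessageW,
and flags the synthetic-modifier-keystroke pattern
(GetKeyboardState -> SetKeyboardState -> WM_KEYDOWN/WM_KEYUP for Shift/Ctrl/Alt/Win).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the key-down function's API lines, copied in the
# report's own line format.
SAMPLE_BLOCK = """\
• GetParent.USER32(00000000), ref: 004DAD19
• GetKeyboardState.USER32(?), ref: 004DAD2E
• SetKeyboardState.USER32(?), ref: 004DAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 004DADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 004DADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 004DAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 004DAE38
"""

# Constructed control block: sends a window message but never touches keyboard state.
BENIGN_BLOCK = """\
• IsWindow.USER32(00F757B8), ref: 00507F37
• SendMessageW.USER32(00F757B8,000000B0,?,?), ref: 00508051
"""

API_LINE = re.compile(
    r"(?:•\s*)?(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"            # e.g. PostMessageW.USER32
    r"(?:\((?P<args>[^)]*)\))?"                  # optional hex argument list
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+))?"    # optional call-site address
)

# Windows SDK constants. 0xB0 is EM_GETSEL only when the target is an edit control.
WINDOW_MESSAGES = {0x100: "WM_KEYDOWN", 0x101: "WM_KEYUP",
                   0xA1: "WM_NCLBUTTONDOWN", 0xB0: "EM_GETSEL"}
MODIFIER_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL",
                 0x12: "VK_MENU", 0x5B: "VK_LWIN"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]   # None where the report prints '?'
    ref: Optional[int]          # call-site address, if printed


def parse_args(text: str) -> List[Optional[int]]:
    out: List[Optional[int]] = []
    for tok in text.split(","):
        tok = tok.strip()
        if tok:
            out.append(None if tok == "?" else int(tok, 16))
    return out


def parse_block(text: str) -> List[ApiCall]:
    """Parse every API line of one function's listing; ignore other lines."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        ref = int(m.group("ref"), 16) if m.group("ref") else None
        calls.append(ApiCall(m.group("name"), m.group("module"),
                             parse_args(m.group("args") or ""), ref))
    return calls


def describe(call: ApiCall) -> str:
    """Render a Post/SendMessage call symbolically, e.g. PostMessageW(WM_KEYDOWN, VK_SHIFT)."""
    if call.name.startswith(("PostMessage", "SendMessage")) and len(call.args) >= 3:
        msg, wparam = call.args[1], call.args[2]
        msg_name = "?" if msg is None else WINDOW_MESSAGES.get(msg, f"0x{msg:X}")
        if msg in (0x100, 0x101) and wparam in MODIFIER_KEYS:
            return f"{call.name}({msg_name}, {MODIFIER_KEYS[wparam]})"
        wp = "?" if wparam is None else f"0x{wparam:X}"
        return f"{call.name}({msg_name}, wParam={wp})"
    return call.name


def synthetic_modifier_keys(calls: List[ApiCall]) -> List[str]:
    """Modifier keys the function injects via WM_KEYDOWN/WM_KEYUP after rewriting
    the keyboard state with SetKeyboardState; empty list if the pattern is absent."""
    names = {c.name for c in calls}
    if not {"GetKeyboardState", "SetKeyboardState"} <= names:
        return []
    return [MODIFIER_KEYS[c.args[2]] for c in calls
            if c.name.startswith(("PostMessage", "SendMessage"))
            and len(c.args) >= 3 and c.args[1] in (0x100, 0x101)
            and c.args[2] in MODIFIER_KEYS]


if __name__ == "__main__":
    for label, block in (("keyboard function", SAMPLE_BLOCK), ("control read", BENIGN_BLOCK)):
        calls = parse_block(block)
        print(label, "->", [describe(c) for c in calls])
        print("  synthetic modifier keys:", synthetic_modifier_keys(calls) or "none")
```

Feed it the "APIs" lines of each function block from the report and only blocks that both rewrite the keyboard state and post modifier-key messages are flagged; a block that merely sends EM_GETSEL or other window messages (the control-read function above) is reported but not flagged.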
APIs
• GetConsoleCP.KERNEL32(004B3CD6,?,?,?,?,?,?,?,?,004A5BA3,?,?,004B3CD6,?,?), ref: 004A5470
• __fassign.LIBCMT ref: 004A54EB
• __fassign.LIBCMT ref: 004A5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,004B3CD6,00000005,00000000,00000000), ref: 004A552C
• WriteFile.KERNEL32(?,004B3CD6,00000000,004A5BA3,00000000,?,?,?,?,?,?,?,?,?,004A5BA3,?), ref: 004A554B
• WriteFile.KERNEL32(?,?,00000001,004A5BA3,00000000,?,?,?,?,?,?,?,?,?,004A5BA3,?), ref: 004A5584
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 4245e1a785a35809fa8acf34e8f8f47833a00a0814c9a2b075a1aeff2230951f
• Instruction ID: f602fabbedeb957efd316bcc7b1f128489ab6cc0c08bbdd428106d6014e3d3c8
• Opcode Fuzzy Hash: 4245e1a785a35809fa8acf34e8f8f47833a00a0814c9a2b075a1aeff2230951f
• Instruction Fuzzy Hash: 5251E5B0D00608AFDB10CFA8D945AEEBBF9EF2A300F14411BF955E7291D7349A45CB64
APIs
  • Part of subcall function 004F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 004F307A
  • Part of subcall function 004F304E: _wcslen.LIBCMT ref: 004F309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 004F1112
• WSAGetLastError.WSOCK32 ref: 004F1121
• WSAGetLastError.WSOCK32 ref: 004F11C9
• closesocket.WSOCK32(00000000), ref: 004F11F9
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2675159561-0
                                                                                                                                                                                                                                                    • Opcode ID: 2e68ae9db8c805654765a147c3db2cc1524910491b31c5d6ffbc97c5e476d532
                                                                                                                                                                                                                                                    • Instruction ID: 451dfb78897a12a0e672a52fdd143587d5515427880110de0ac9b47b3eaffe2f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e68ae9db8c805654765a147c3db2cc1524910491b31c5d6ffbc97c5e476d532
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D41D731600108EFDB109F14C984BBEBBE9EF4A368F14815AFA159B391C778AD45CBE5
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,004DCF22,?), ref: 004DDDFD
                                                                                                                                                                                                                                                      • Part of subcall function 004DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,004DCF22,?), ref: 004DDE16
                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 004DCF45
                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 004DCF7F
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004DD005
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004DD01B
                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?), ref: 004DD061
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                    • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                    • Opcode ID: 35f44f3956e4bb93fcd9aede76aaf8af43b4028bdd658eab7fc9a8849bbbf011
                                                                                                                                                                                                                                                    • Instruction ID: 0e9fb820391ff40f2279aa40e6bae53bf169b7cf14af6b0f2efcbdf3f92bf97a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35f44f3956e4bb93fcd9aede76aaf8af43b4028bdd658eab7fc9a8849bbbf011
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA417871D452195FDF12EBA4CD91EDEB7B9AF08384F1000EBE505EB241EB38A648CB54
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00502E1C
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00502E4F
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00502E84
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00502EB6
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00502EE0
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00502EF1
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00502F0B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2178440468-0
                                                                                                                                                                                                                                                    • Opcode ID: ef51adc4027aca1223648895f0c82c8481ed6a0e744578e3c8b2c74d723e6833
                                                                                                                                                                                                                                                    • Instruction ID: 4d1ad0f1b1f1069c0e6e82cd605e253440b5d2f0691e58d24d65978256027445
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef51adc4027aca1223648895f0c82c8481ed6a0e744578e3c8b2c74d723e6833
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E23108346841519FDB21CF58DC88FA93BE9FBAA754F150164FA048F2F1CB71A844EB41
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004D7769
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004D778F
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 004D7792
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 004D77B0
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 004D77B9
                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 004D77DE
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 004D77EC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                    • Opcode ID: 5087ba6edaf8fb4429295ef4f0c924d0f9c7dd12c3e2b35829b7220f4d83543c
                                                                                                                                                                                                                                                    • Instruction ID: e8968d20571e2939df70ca6e18a1f736a793231d3329761685254590113e43f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5087ba6edaf8fb4429295ef4f0c924d0f9c7dd12c3e2b35829b7220f4d83543c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6921A376604219AFDF10EFA8CC84CBF77ACEB093647008527B904DB290E674EC458768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004D7842
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004D7868
• SysAllocString.OLEAUT32(00000000), ref: 004D786B
• SysAllocString.OLEAUT32 ref: 004D788C
• SysFreeString.OLEAUT32 ref: 004D7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 004D78AF
• SysAllocString.OLEAUT32(?), ref: 004D78BD
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 004E04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 004E052E
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 004E05C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 004E0601
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 0047600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0047604C
  • Part of subcall function 0047600E: GetStockObject.GDI32(00000011), ref: 00476060
  • Part of subcall function 0047600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0047606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00504112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0050411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0050412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00504139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00504145
Strings
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
APIs
  • Part of subcall function 004AD7A3: _free.LIBCMT ref: 004AD7CC
• _free.LIBCMT ref: 004AD82D
  • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000), ref: 004A29DE
  • Part of subcall function 004A29C8: GetLastError.KERNEL32(00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000,00000000), ref: 004A29F0
• _free.LIBCMT ref: 004AD838
• _free.LIBCMT ref: 004AD843
• _free.LIBCMT ref: 004AD897
• _free.LIBCMT ref: 004AD8A2
• _free.LIBCMT ref: 004AD8AD
• _free.LIBCMT ref: 004AD8B8
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 004DDA74
• LoadStringW.USER32(00000000), ref: 004DDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004DDA91
• LoadStringW.USER32(00000000), ref: 004DDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004DDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 004DDAB9
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(00F6DFD8,00F6DFD8), ref: 004E097B
• EnterCriticalSection.KERNEL32(00F6DFB8,00000000), ref: 004E098D
• TerminateThread.KERNEL32(?,000001F6), ref: 004E099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 004E09A9
• CloseHandle.KERNEL32(?), ref: 004E09B8
• InterlockedExchange.KERNEL32(00F6DFD8,000001F6), ref: 004E09C8
• LeaveCriticalSection.KERNEL32(00F6DFB8), ref: 004E09CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• GetClientRect.USER32(?,?), ref: 00475D30
• GetWindowRect.USER32(?,?), ref: 00475D71
• ScreenToClient.USER32(?,?), ref: 00475D99
• GetClientRect.USER32(?,?), ref: 00475ED7
• GetWindowRect.USER32(?,?), ref: 00475EF8
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 004A00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004A00D6
• __allrem.LIBCMT ref: 004A00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004A010B
• __allrem.LIBCMT ref: 004A0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004A0140
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004F3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,004F101C,00000000,?,?,00000000), ref: 004F3195
                                                                                                                                                                                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 004F1DC0
                                                                                                                                                                                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 004F1DE1
                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 004F1DF2
                                                                                                                                                                                                                                                    • inet_ntoa.WSOCK32(?), ref: 004F1E8C
                                                                                                                                                                                                                                                    • htons.WSOCK32(?,?,?,?,?), ref: 004F1EDB
                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 004F1F35
                                                                                                                                                                                                                                                      • Part of subcall function 004D39E8: _strlen.LIBCMT ref: 004D39F2
                                                                                                                                                                                                                                                      • Part of subcall function 00476D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0048CF58,?,?,?), ref: 00476DBA
                                                                                                                                                                                                                                                      • Part of subcall function 00476D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0048CF58,?,?,?), ref: 00476DED
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1923757996-0
                                                                                                                                                                                                                                                    • Opcode ID: 066ff1fa4e2c441630a52f7b45f2c32b8c497442ffc30e7608863848ac4ed5a9
                                                                                                                                                                                                                                                    • Instruction ID: d82fea2a72b7dcbb54f7b9392b7db0d684db8a6307eeec9fc04962432ad39012
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 066ff1fa4e2c441630a52f7b45f2c32b8c497442ffc30e7608863848ac4ed5a9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55A1E130104344AFC324EF21C881E7B7BA5AF85318F54894EF55A5B3A2CB39ED46CB96
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,004982D9,004982D9,?,?,?,004A644F,00000001,00000001,8BE85006), ref: 004A6258
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,004A644F,00000001,00000001,8BE85006,?,?,?), ref: 004A62DE
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004A63D8
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 004A63E5
                                                                                                                                                                                                                                                      • Part of subcall function 004A3820: RtlAllocateHeap.NTDLL(00000000,?,00541444,?,0048FDF5,?,?,0047A976,00000010,00541440,004713FC,?,004713C6,?,00471129), ref: 004A3852
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 004A63EE
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 004A6413
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1414292761-0
                                                                                                                                                                                                                                                    • Opcode ID: 12adf4ec90e8e7f129f0a20d0bd80843e6e154d170364c1b625a22ad49616f2a
                                                                                                                                                                                                                                                    • Instruction ID: 003dd8dcb040ffc6f696e0fab4576e3848d00b987705d886bc8cb9e59e2146b2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12adf4ec90e8e7f129f0a20d0bd80843e6e154d170364c1b625a22ad49616f2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90510572600216AFDF259F64CC81EAF77A9EF66710F1A462AFC05D6240EB38DC41C768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,004FB6AE,?,?), ref: 004FC9B5
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FC9F1
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA68
                                                                                                                                                                                                                                                      • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA9E
                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004FBCCA
                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004FBD25
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004FBD6A
                                                                                                                                                                                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 004FBD99
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 004FBDF3
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004FBDFF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1120388591-0
                                                                                                                                                                                                                                                    • Opcode ID: d0daa65bf9149209f215985e0f13289d59f265e0f6ad1fde6b2675c87c5c6618
                                                                                                                                                                                                                                                    • Instruction ID: d036abd0cf9d39ff00ee56d6aed36161b5363c21efcc2191756e45cd57b4d931
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0daa65bf9149209f215985e0f13289d59f265e0f6ad1fde6b2675c87c5c6618
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5781BB70208245AFC714DF24C885E6BBBE5FF85308F14895EF6594B2A2CB35ED05CB96
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(00000035), ref: 004CF7B9
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000001), ref: 004CF860
                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(004CFA64,00000000), ref: 004CF889
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(004CFA64), ref: 004CF8AD
                                                                                                                                                                                                                                                    • VariantCopy.OLEAUT32(004CFA64,00000000), ref: 004CF8B1
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004CF8BB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3859894641-0
                                                                                                                                                                                                                                                    • Opcode ID: 50e96b2f4598db2d13f6724ee9c2a20f03e1fa380c5d5c400fd00924c6846d88
                                                                                                                                                                                                                                                    • Instruction ID: 5ef3e40d4c51efadcd0db8dda57327b5e2fd7f7dab7d2ad83df073968baa8327
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50e96b2f4598db2d13f6724ee9c2a20f03e1fa380c5d5c400fd00924c6846d88
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6551B379600300ABCF54AB66D895F29B3A6AF45314B20846FE906DF291D77C8C4887AF
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00477620: _wcslen.LIBCMT ref: 00477625
                                                                                                                                                                                                                                                      • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
                                                                                                                                                                                                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 004E94E5
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004E9506
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 004E952D
                                                                                                                                                                                                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 004E9585
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                    • String ID: X
                                                                                                                                                                                                                                                    • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                    • Opcode ID: 4b2eba0bf064b24239e82696c25a5711e69a0fa06f4f79a26a6881abf5ab5982
                                                                                                                                                                                                                                                    • Instruction ID: 74add43ebe0341e765884bd2ee5d6719e2c3e5e942a964f97931bb0bf7e229ac
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b2eba0bf064b24239e82696c25a5711e69a0fa06f4f79a26a6881abf5ab5982
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24E1B3315043409FD724EF26C481AAEB7E0BF85318F14896EF8899B3A2DB35DD05CB96
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?,?), ref: 00489241
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004892A5
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004892C2
                                                                                                                                                                                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004892D3
                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?,?,?,?), ref: 00489321
                                                                                                                                                                                                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004C71EA
                                                                                                                                                                                                                                                      • Part of subcall function 00489339: BeginPath.GDI32(00000000), ref: 00489357
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3050599898-0
                                                                                                                                                                                                                                                    • Opcode ID: 0388768fe3cf4e3882f9548913b468a49b214948586a64f8fbdea9056e90b0dd
                                                                                                                                                                                                                                                    • Instruction ID: b7ee9f5898c1bddcb4f0f07450873b55020c2d66eef6db7405beae52605ae80c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0388768fe3cf4e3882f9548913b468a49b214948586a64f8fbdea9056e90b0dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7541A234104600AFD721EF14CC84FBA7BA8EB5A324F180A6EF954872E1C7759C49EB66
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 004E080C
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 004E0847
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 004E0863
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004E08DC
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 004E08F3
                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 004E0921
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3368777196-0
                                                                                                                                                                                                                                                    • Opcode ID: 5fb9f4d8958da50fd960983b4af42b83d3eea561f180f9c50575af90583bb14e
                                                                                                                                                                                                                                                    • Instruction ID: cd9bd1d245ca51e3219f884599048cd0fbdab6c62b54b1d625949cee1c68a544
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fb9f4d8958da50fd960983b4af42b83d3eea561f180f9c50575af90583bb14e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF419C71900205EFDF14AF55DC85A6E7B78FF45304F1040AAED009A297D774DE68DBA8
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,004CF3AB,00000000,?,?,00000000,?,004C682C,00000004,00000000,00000000), ref: 0050824C
                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 00508272
                                                                                                                                                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000), ref: 005082D1
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000004), ref: 005082E5
                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 0050830B
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0050832F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: e85bca55d1b3f8390ddfe20bed7b9d8f3b73823dd9e9205bdedf11c63766f88e
• Instruction ID: 4439e3227464c1a77c81436f87ae33857f422677f7e894f862cddb77742dae30
• Opcode Fuzzy Hash: e85bca55d1b3f8390ddfe20bed7b9d8f3b73823dd9e9205bdedf11c63766f88e
• Instruction Fuzzy Hash: CB41A138601A45AFDB25CF14CD99FF87FE0BB5A714F180268E6484F2E2CB31A845DB40
APIs
• IsWindowVisible.USER32(?), ref: 004D4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 004D4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004D4CEA
• _wcslen.LIBCMT ref: 004D4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 004D4D10
• _wcsstr.LIBVCRUNTIME ref: 004D4D1A
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 630c812c11da1406df64f5b4e0ce34157efc3b62f54601d5ae6bdf472cffa790
• Instruction ID: a9b66951d0a20ae821eb9334ed90f8e72352b2f3d1b4e5f0cc1cd84a61ad679e
• Opcode Fuzzy Hash: 630c812c11da1406df64f5b4e0ce34157efc3b62f54601d5ae6bdf472cffa790
• Instruction Fuzzy Hash: CE21F531204200BBEB255B2AAC59E7F7F9DDF85750F10402FF805CA291DA79CC4196A4
APIs
  • Part of subcall function 00473AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00473A97,?,?,00472E7F,?,?,?,00000000), ref: 00473AC2
• _wcslen.LIBCMT ref: 004E587B
• CoInitialize.OLE32(00000000), ref: 004E5995
• CoCreateInstance.OLE32(0050FCF8,00000000,00000001,0050FB68,?), ref: 004E59AE
• CoUninitialize.OLE32 ref: 004E59CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 2f3021400d1a2da0a97329d3eaee813a2473b7095d8899454d4082e7d99a1184
• Instruction ID: 71fa0b6166dae9016bab21b4318dbfd0cc8a960345bf2d2af8a4bb36ac405983
• Opcode Fuzzy Hash: 2f3021400d1a2da0a97329d3eaee813a2473b7095d8899454d4082e7d99a1184
• Instruction Fuzzy Hash: F5D164706046019FC714DF26C480A6EBBE1FF89719F14895EF8899B362DB39EC05CB96
APIs
  • Part of subcall function 004D0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004D0FCA
  • Part of subcall function 004D0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004D0FD6
  • Part of subcall function 004D0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004D0FE5
  • Part of subcall function 004D0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004D0FEC
  • Part of subcall function 004D0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004D1002
• GetLengthSid.ADVAPI32(?,00000000,004D1335), ref: 004D17AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 004D17BA
• HeapAlloc.KERNEL32(00000000), ref: 004D17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 004D17DA
• GetProcessHeap.KERNEL32(00000000,00000000,004D1335), ref: 004D17EE
• HeapFree.KERNEL32(00000000), ref: 004D17F5
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: cfba17f7863c3895235188d3471c3d13bfd4d4b2c716eeb3eb516ac1e867cace
• Instruction ID: 3cfd2fbdc38e1f0b9e6f7fe3dc648fde6d4247182edac1d18c84dc15a15dba5a
• Opcode Fuzzy Hash: cfba17f7863c3895235188d3471c3d13bfd4d4b2c716eeb3eb516ac1e867cace
• Instruction Fuzzy Hash: FF11BE31600205FFDB109FA4CDA9BAFBBB9FB46355F10421AF84197320C739A944DB64
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004D14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 004D1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 004D1515
• CloseHandle.KERNEL32(00000004), ref: 004D1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 004D154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 004D1563
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 130a855d03566cbc7a59f786e11c3b26dbcf096a8e246c4b3047e154280e9a93
• Instruction ID: 30f5146f64885bdc2ceeef8be686f2a60d2eaaf6461990ea2582fef9d509aeba
• Opcode Fuzzy Hash: 130a855d03566cbc7a59f786e11c3b26dbcf096a8e246c4b3047e154280e9a93
• Instruction Fuzzy Hash: DC115C72500209BBDF118F94ED59BDE7BA9EF49744F048116FE05A22A0C3798E64EB60
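The four "APIs" blocks above are the kind of chains an analyst triages by hand: IsWindowVisible plus SendMessageW with 0x000E/0x000D (WM_GETTEXTLENGTH/WM_GETTEXT) followed by CharUpperBuffW and _wcsstr is case-insensitive window-title matching; CoInitialize/CoCreateInstance/CoUninitialize next to the string ".lnk" is in-process COM use; GetTokenInformation(…, 2 = TokenGroups, …) with GetLengthSid/CopySid copies a SID out of the process token; and CreateProcessWithLogonW launches a child under other credentials. The Python script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses these bullets, resolves the few literal constants that are recognizable from the listing (window message IDs, TOKEN_INFORMATION_CLASS, CLSCTX), and tags each block with a capability label. The sample blocks are copied from this listing; the constant tables and capability labels are the example's own assumptions, and the CLSID/IID passed to CoCreateInstance are addresses inside the binary (0050FCF8, 0050FB68) that the listing alone cannot resolve.

```python
# Parse the "APIs" bullets of a Joe Sandbox function listing and tag the
# capability each API chain implies. Added example, not report tooling.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A bullet is one of:
#   • IsWindowVisible.USER32(?), ref: 004D4C95
#   • _wcslen.LIBCMT ref: 004D4D08             (CRT calls carry no arg list)
#   • Part of subcall function 004D0FB4: GetTokenInformation.ADVAPI32(...), ref: ...
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Assumed constant tables: only the values needed for the blocks in this listing.
WM_MESSAGES = {0x000D: "WM_GETTEXT", 0x000E: "WM_GETTEXTLENGTH"}
TOKEN_INFO_CLASS = {1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges"}
CLSCTX = {1: "CLSCTX_INPROC_SERVER"}

# Assumed capability labels, keyed by the API names that must all be present.
CAPABILITIES = [
    ("reads visible window titles and substring-matches them case-insensitively",
     {"IsWindowVisible", "SendMessageW", "CharUpperBuffW", "_wcsstr"}),
    ("instantiates a COM object in-process (CLSID/IID are not resolvable from the listing)",
     {"CoInitialize", "CoCreateInstance", "CoUninitialize"}),
    ("copies a SID out of the process token for inspection",
     {"GetTokenInformation", "GetLengthSid", "CopySid"}),
    ("launches a process under different credentials",
     {"CreateProcessWithLogonW"}),
]


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]      # literal hex args as ints, "?" as None
    ref: str                       # call-site address
    subcall: Optional[str]         # callee address when listed as a subcall
    notes: List[str] = field(default_factory=list)


def parse_args(text: Optional[str]) -> List[Optional[int]]:
    if not text:
        return []
    return [None if t.strip() == "?" else int(t.strip(), 16) for t in text.split(",")]


def annotate(call: ApiCall) -> ApiCall:
    """Attach symbolic names for the literal constants the listing shows."""
    a = call.args
    if call.name == "SendMessageW" and len(a) > 1 and a[1] in WM_MESSAGES:
        call.notes.append(WM_MESSAGES[a[1]])
    elif call.name == "GetTokenInformation" and len(a) > 1 and a[1] in TOKEN_INFO_CLASS:
        call.notes.append(TOKEN_INFO_CLASS[a[1]])
    elif call.name == "CoCreateInstance" and len(a) > 2 and a[2] in CLSCTX:
        call.notes.append(CLSCTX[a[2]])
    return call


def parse_block(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:  # headers such as "APIs" / "Strings" do not match and are skipped
            calls.append(annotate(ApiCall(
                m["name"], m["module"], parse_args(m["args"]), m["ref"], m["sub"])))
    return calls


def capabilities(calls: List[ApiCall]) -> List[str]:
    present = {c.name for c in calls}
    return [label for label, needed in CAPABILITIES if needed <= present]


def summarize(text: str) -> dict:
    calls = parse_block(text)
    return {"calls": calls, "capabilities": capabilities(calls)}


# Sample input: four "APIs" blocks copied from this report's function listing.
SAMPLE_BLOCKS = {
    "004D4C95": """APIs
• IsWindowVisible.USER32(?), ref: 004D4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 004D4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004D4CEA
• _wcslen.LIBCMT ref: 004D4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 004D4D10
• _wcsstr.LIBVCRUNTIME ref: 004D4D1A""",
    "004E587B": """APIs
  • Part of subcall function 00473AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00473A97,?,?,00472E7F,?,?,?,00000000), ref: 00473AC2
• _wcslen.LIBCMT ref: 004E587B
• CoInitialize.OLE32(00000000), ref: 004E5995
• CoCreateInstance.OLE32(0050FCF8,00000000,00000001,0050FB68,?), ref: 004E59AE
• CoUninitialize.OLE32 ref: 004E59CC
Strings""",
    "004D17AE": """APIs
  • Part of subcall function 004D0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004D0FCA
• GetLengthSid.ADVAPI32(?,00000000,004D1335), ref: 004D17AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 004D17BA
• HeapAlloc.KERNEL32(00000000), ref: 004D17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 004D17DA
• HeapFree.KERNEL32(00000000), ref: 004D17F5""",
    "004D14FF": """APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004D14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 004D1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 004D1515
• CloseHandle.KERNEL32(00000004), ref: 004D1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 004D154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 004D1563""",
}

if __name__ == "__main__":
    for start, text in SAMPLE_BLOCKS.items():
        s = summarize(text)
        print(f"function at {start}:")
        for c in s["calls"]:
            extra = f"  [{', '.join(c.notes)}]" if c.notes else ""
            via = f" (via subcall {c.subcall})" if c.subcall else ""
            print(f"  {c.ref}  {c.module}!{c.name}{via}{extra}")
        for cap in s["capabilities"]:
            print(f"  -> {cap}")
```

The capability table deliberately requires the whole chain, not a single API: SendMessageW or GetProcessHeap on their own appear in benign code throughout an AutoIt runtime, whereas IsWindowVisible together with WM_GETTEXT, CharUpperBuffW and _wcsstr is the title-scraping pattern that matters for a credential-flusher verdict.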
APIs
• GetLastError.KERNEL32(?,?,00493379,00492FE5), ref: 00493390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0049339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004933B7
• SetLastError.KERNEL32(00000000,?,00493379,00492FE5), ref: 00493409
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 1e48d7cef4d2e1ca6500b68cc1538a603b355c4da248a5d45b0888fa236e8f6f
• Instruction ID: 9b4ca16028430672122a5e3228c233c1cfd05994153b040ce19ca36e3f0b5055
• Opcode Fuzzy Hash: 1e48d7cef4d2e1ca6500b68cc1538a603b355c4da248a5d45b0888fa236e8f6f
• Instruction Fuzzy Hash: 3501D232249311AEEE382B756D8955B2E54DB2777A320023FF811903F1EE195D06624C
APIs
• GetLastError.KERNEL32(?,?,004A5686,004B3CD6,?,00000000,?,004A5B6A,?,?,?,?,?,0049E6D1,?,00538A48), ref: 004A2D78
• _free.LIBCMT ref: 004A2DAB
• _free.LIBCMT ref: 004A2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0049E6D1,?,00538A48,00000010,00474F4A,?,?,00000000,004B3CD6), ref: 004A2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0049E6D1,?,00538A48,00000010,00474F4A,?,?,00000000,004B3CD6), ref: 004A2DEC
• _abort.LIBCMT ref: 004A2DF2
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 364be2ce43f060eab5c17c53a9ee27cfbe6f8d15cbfaa8c035545098e6734fab
• Instruction ID: 6f94aa446f636d4c6f2989b4c7347d8ca4b50378fe901a09147c58c170afdf42
• Opcode Fuzzy Hash: 364be2ce43f060eab5c17c53a9ee27cfbe6f8d15cbfaa8c035545098e6734fab
• Instruction Fuzzy Hash: 87F0A97250550027C262273E7E06B5F1A59AFF3765B25051FF424922D3EEAC88057169
APIs
  • Part of subcall function 00489639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00489693
  • Part of subcall function 00489639: SelectObject.GDI32(?,00000000), ref: 004896A2
  • Part of subcall function 00489639: BeginPath.GDI32(?), ref: 004896B9
  • Part of subcall function 00489639: SelectObject.GDI32(?,00000000), ref: 004896E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00508A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00508A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00508A70
• LineTo.GDI32(?,00000000,00000003), ref: 00508A80
• EndPath.GDI32(?), ref: 00508A90
• StrokePath.GDI32(?), ref: 00508AA0
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 985cfa9aa6fe69cf1a7d944fdf7fd8f60edee7d54e027e72f20425290a12f555
• Instruction ID: c10d4c80dace8880d9fef4dad334ad00cadcdb5926e9e1a5c4578974965c5d75
• Opcode Fuzzy Hash: 985cfa9aa6fe69cf1a7d944fdf7fd8f60edee7d54e027e72f20425290a12f555
• Instruction Fuzzy Hash: 74110976000108FFEB129F94DC88EAE7F6CEB19354F048152FA199A1A1C7719D59EBA0
APIs
• GetDC.USER32(00000000), ref: 004D5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 004D5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D5230
• ReleaseDC.USER32(00000000,00000000), ref: 004D5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 004D524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 004D5261
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 811206679fe1b481b8377d165fcc27cfb1fda1439f522868ae8a985ba73ef257
• Instruction ID: 77fe69cb8226d5274baad05ca73746bc16e0a430f4809586b7c32d635073648b
• Opcode Fuzzy Hash: 811206679fe1b481b8377d165fcc27cfb1fda1439f522868ae8a985ba73ef257
• Instruction Fuzzy Hash: 2501A275E00708BBEB109BA69C49F4EBFB8EF59351F044166FA04A7380DA709C08DFA0
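The function entries in this listing are easier to triage once the "APIs" bullets are parsed into records and the raw hex arguments are named. The script below is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own signature logic: it parses the listing format used on this page (`Api.MODULE(args), ref: addr`, the `Part of subcall function` prefix, and the paren-less `___vcrt_FlsGetValue.LIBVCRUNTIME ref:` form), decodes the well-known Windows constants that appear here (MapVirtualKeyW virtual-key codes 0x5B/0x10/0xA0/0xA1/0x11/0x12 are VK_LWIN, VK_SHIFT, VK_LSHIFT, VK_RSHIFT, VK_CONTROL, VK_MENU; GetDeviceCaps indexes 0x58/0x5A are LOGPIXELSX/LOGPIXELSY), and attaches heuristic capability tags of its own. The sample input is constructed: its first two groups are copied from the GetDeviceCaps entry above and the MapVirtualKeyW entry that follows it, and the third group mixes lines from the GDI and CRT entries purely to exercise the subcall and paren-less forms.

```python
"""Parse Joe Sandbox function-listing 'APIs' bullets into per-function records.

Added example; the capability tags are this script's heuristics, not Joe Sandbox
signatures. Input is a constructed sample copied from the report's listing.
"""
import re

# Constructed sample: 'APIs' groups as printed in the report's function listing.
SAMPLE = """\
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00471BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00471BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00471C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00471C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00471C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00471C22
APIs
• GetDC.USER32(00000000), ref: 004D5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 004D5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D5230
• ReleaseDC.USER32(00000000,00000000), ref: 004D5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 004D524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 004D5261
APIs
  • Part of subcall function 00489639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00489693
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00508A4E
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0049339E
"""

# One bullet: optional subcall prefix, Api.MODULE, optional (args), ', ref: ADDR'.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[\w@?$]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Windows SDK constants that make these particular call sites readable.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
DEVCAPS = {0x58: "LOGPIXELSX", 0x5A: "LOGPIXELSY"}


def parse_arg(tok):
    """'?' means the sandbox could not resolve the value; else signed hex -> int."""
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16)   # int() accepts '-00000002'


def parse_listing(text):
    """Start a new function at each 'APIs' header; collect the bullets under it."""
    functions, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            functions.append(current)
            continue
        m = LINE_RE.match(line)
        if not m or current is None:
            continue
        args = m.group("args")
        current.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": [parse_arg(a) for a in args.split(",")] if args else [],
            "ref": int(m.group("ref"), 16),
            "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return functions


def decode_call(call):
    """Render one call with known constants named, e.g. MapVirtualKeyW(VK_LWIN, 0x0)."""
    args = list(call["args"])
    if call["api"] == "MapVirtualKeyW" and args and args[0] in VK_NAMES:
        args[0] = VK_NAMES[args[0]]
    elif call["api"] == "GetDeviceCaps" and len(args) > 1 and args[1] in DEVCAPS:
        args[1] = DEVCAPS[args[1]]

    def fmt(a):
        if a is None:
            return "?"
        if isinstance(a, str):
            return a
        return ("-" if a < 0 else "") + f"0x{abs(a):X}"
    return f"{call['api']}({', '.join(fmt(a) for a in args)}) @ 0x{call['ref']:08X}"


def tag_function(calls):
    """Heuristic tags (this script's own) from the set of APIs a function calls."""
    names = {c["api"] for c in calls}
    tags = set()
    vks = {c["args"][0] for c in calls if c["api"] == "MapVirtualKeyW" and c["args"]}
    if vks & set(VK_NAMES):   # modifier keys mapped to scan codes: Send()-style input prep
        tags.add("keystroke-simulation-setup")
    if "GetDeviceCaps" in names and "MulDiv" in names:
        tags.add("dpi-scaling")
    if names & {"MoveToEx", "LineTo", "ExtCreatePen", "StrokePath"}:
        tags.add("gdi-drawing")
    if names & {"___vcrt_FlsGetValue", "___vcrt_FlsSetValue", "_abort"}:
        tags.add("crt-runtime-internal")   # compiler runtime, not the sample's own logic
    return sorted(tags)


if __name__ == "__main__":
    for calls in parse_listing(SAMPLE):
        print(tag_function(calls))
        for c in calls:
            print("  ", decode_call(c))
```

Decoding the constants is what turns these entries into evidence: six MapVirtualKeyW calls on nothing but modifier keys is the scan-code preparation a keystroke-injection routine performs before synthesising input, which is consistent with the "simulate keystroke presses" signature the report raises, while the GetDeviceCaps(LOGPIXELSX/LOGPIXELSY) plus MulDiv(0x9EC, ...) pair (0x9EC is 2540, the number of HIMETRIC units per inch) reads as ordinary unit conversion. The `crt-runtime-internal` tag is there so that compiler-runtime functions such as the FLS error-handling helpers can be filtered out before a reviewer spends time on them.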
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00471BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00471BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00471C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00471C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00471C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00471C22
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4278518827-0
                                                                                                                                                                                                                                                    • Opcode ID: 728699eba49e3739c8e71dc37fecfe79b959dde978b67908aea446b52365670a
                                                                                                                                                                                                                                                    • Instruction ID: 61f296492e8e21cfcb14095fde25465bc365e838ed88c60f09ee2db47b93d792
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 728699eba49e3739c8e71dc37fecfe79b959dde978b67908aea446b52365670a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07016CB09027597DE3008F5A8C85B56FFA8FF19354F00411B915C4B941C7F5A864CBE5
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 004DEB30
                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 004DEB46
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 004DEB55
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004DEB64
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004DEB6E
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004DEB75
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 839392675-0
                                                                                                                                                                                                                                                    • Opcode ID: 0cd65e5fef912c698358ceb20732a93bc7895207f9b96d87d48f64f09e19af18
                                                                                                                                                                                                                                                    • Instruction ID: d6e5519617db0b89ebebda69bd8e85ef7765e2feb33f1241e1941f3d867ec3c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cd65e5fef912c698358ceb20732a93bc7895207f9b96d87d48f64f09e19af18
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAF0BE72200118BBE7305B629C0EEEF3E7CEFDBB11F000259F601D5190D7A12A05EAB4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?), ref: 004C7452
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 004C7469
                                                                                                                                                                                                                                                    • GetWindowDC.USER32(?), ref: 004C7475
                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,?,?), ref: 004C7484
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 004C7496
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000005), ref: 004C74B0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 272304278-0
                                                                                                                                                                                                                                                    • Opcode ID: 82f2398eed25bc6a39ca0d8e6afe8be7aca47cac387c3e01d92dfb7f3924942c
                                                                                                                                                                                                                                                    • Instruction ID: 5256edea1021f6d9ec1e814ee01a2699db187b7e87457063b1bf0eea009bb7d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82f2398eed25bc6a39ca0d8e6afe8be7aca47cac387c3e01d92dfb7f3924942c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC017835400605EFDB605F64DC08BAE7FB5FB15321F1402A5FE16A21A0CB311E46AF15
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004D187F
                                                                                                                                                                                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 004D188B
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 004D1894
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 004D189C
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 004D18A5
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004D18AC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 146765662-0
                                                                                                                                                                                                                                                    • Opcode ID: 71b2cffc95a48f9f4a736686c1042c0e4408e01cd24c32d996f9ce5318c7286b
                                                                                                                                                                                                                                                    • Instruction ID: 14cd693b83a27fea38efc73494369ec303978abff00d8baabcebb57b297610b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71b2cffc95a48f9f4a736686c1042c0e4408e01cd24c32d996f9ce5318c7286b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61E0E536004101BBDB015FA1ED0C94EBF39FF6AB22B108724F225810B0CB329424EF90
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0047BEB3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%T$D%T$D%T$D%TD%T
• API String ID: 1385522511-1926685697
APIs
  • Part of subcall function 00490242: EnterCriticalSection.KERNEL32(0054070C,00541884,?,?,0048198B,00542518,?,?,?,004712F9,00000000), ref: 0049024D
  • Part of subcall function 00490242: LeaveCriticalSection.KERNEL32(0054070C,?,0048198B,00542518,?,?,?,004712F9,00000000), ref: 0049028A
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004900A3: __onexit.LIBCMT ref: 004900A9
• __Init_thread_footer.LIBCMT ref: 004F7BFB
  • Part of subcall function 004901F8: EnterCriticalSection.KERNEL32(0054070C,?,?,00488747,00542514), ref: 00490202
  • Part of subcall function 004901F8: LeaveCriticalSection.KERNEL32(0054070C,?,00488747,00542514), ref: 00490235
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: +TL$5$G$Variable must be of type 'Object'.
• API String ID: 535116098-9785603
APIs
  • Part of subcall function 00477620: _wcslen.LIBCMT ref: 00477625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004DC6EE
• _wcslen.LIBCMT ref: 004DC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004DC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 004DC7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 004FAEA3
  • Part of subcall function 00477620: _wcslen.LIBCMT ref: 00477625
• GetProcessId.KERNEL32(00000000), ref: 004FAF38
• CloseHandle.KERNEL32(00000000), ref: 004FAF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 004D7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 004D723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 004D724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004D72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00503E35
                                                                                                                                                                                                                                                    • IsMenu.USER32(?), ref: 00503E4A
                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00503E92
                                                                                                                                                                                                                                                    • DrawMenuBar.USER32 ref: 00503EA5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: 80c40b3c8573ab2b9456450f6fe96076db55dec5a3a5871ccb92e2d94dce074a
                                                                                                                                                                                                                                                    • Instruction ID: c4fac1e8bff063c152d37a6fb224c1598248bb9144ef8d749c7c17d9a3b16469
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80c40b3c8573ab2b9456450f6fe96076db55dec5a3a5871ccb92e2d94dce074a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B413779A01609EFDB10DF60D884AEEBBBDFF49354F044229E905AB290D730AE54DF60
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
                                                                                                                                                                                                                                                      • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 004D1E66
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 004D1E79
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 004D1EA9
                                                                                                                                                                                                                                                      • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                    • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                    • Opcode ID: 84664dec7f4c5fa3335b9ba9f3bbc639fd8e60095b2446ed34de832c61bdb10b
                                                                                                                                                                                                                                                    • Instruction ID: 40e17303588aa7253d53e4050ee363861d00f30fa0199c84ab2283031c01b936
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84664dec7f4c5fa3335b9ba9f3bbc639fd8e60095b2446ed34de832c61bdb10b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC210171A00104BADB14AB65CC66CFFBBA9EF52358B10811FFC25A72E1DB3C4D0A9624
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcslen
                                                                                                                                                                                                                                                    • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                                                                                                                                                                    • API String ID: 176396367-4004644295
                                                                                                                                                                                                                                                    • Opcode ID: c683a5811ceced86c061e42e4d3bd468a963e3599f37853723e356fb6f5e650b
                                                                                                                                                                                                                                                    • Instruction ID: 176c42261051ab62e5ae73f801a7f0ac46b38e6ce8f454eefc1db865517c75cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c683a5811ceced86c061e42e4d3bd468a963e3599f37853723e356fb6f5e650b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12312772E0016D4ACB20DE3DCAD16BF37919BA1784F05402BE9056B344EA79ED44D3A8
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00502F8D
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00502F94
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00502FA9
                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00502FB1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                    • String ID: SysAnimate32
                                                                                                                                                                                                                                                    • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                    • Opcode ID: 5b7018e160121dc9aaa20ea0b21c699f28c6fa8bb1a42f5eb39655cbc5fb8822
                                                                                                                                                                                                                                                    • Instruction ID: a4c771555160ebf863c7668e022f4ff185646d3a408f14b1053ba299f2390e35
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b7018e160121dc9aaa20ea0b21c699f28c6fa8bb1a42f5eb39655cbc5fb8822
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1121F07120020AABEB214F64DC8AEBF7BBDFB993A8F100618F950D60D0C771DC41A760
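The function entries in this part of the report are machine-generated: each call site is given only as an API name, a module, raw hexadecimal arguments and a reference address, and the message numbers passed to SendMessageW are left undecoded. The following Python is an editor's example added here, not code from the Joe Sandbox report or from the sample. It parses entries in this "APIs / Strings / Memory Dump Source / Similarity" layout into records, names the window-message constants that appear as the second SendMessageW argument on this page (the LB_* list-box messages and ACM_OPENW for the SysAnimate32 control, all standard Windows constants, plus their CB_* combo-box counterparts), and flags the GetModuleHandleExW(mscoree.dll) / GetProcAddress(CorExitProcess) / FreeLibrary triple, which has the shape of the MSVC CRT's CorExitProcess exit shim rather than sample-specific logic. That flag is a triage heuristic of the editor's, not something the report states. The sample text embedded below is a constructed, trimmed copy of three entries from this page.

```python
"""Parse Joe Sandbox per-function entries and decode what they call."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three entries from this page in the report's own layout,
# with the long argument lists of the last entry trimmed.
SAMPLE = """APIs
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 004D1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 004D1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 004D1EA9
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• Instruction Fuzzy Hash: DC210171A00104BADB14AB65CC66CFFBBA9EF52358B10811FFC25A72E1DB3C4D0A9624
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00502F8D
• LoadLibraryW.KERNEL32(?), ref: 00502F94
• DestroyWindow.USER32(?), ref: 00502FB1
Strings
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?), ref: 00494D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00494DA0
• FreeLibrary.KERNEL32(00000000,?), ref: 00494DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
"""

# Standard Windows message constants seen as the 2nd SendMessageW argument.
WINDOW_MESSAGES = {
    0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT", 0x0149: "CB_GETLBTEXTLEN",
    0x0188: "LB_GETCURSEL", 0x0189: "LB_GETTEXT", 0x018A: "LB_GETTEXTLEN",
    0x0467: "ACM_OPENW",  # WM_USER + 103: SysAnimate32 "open AVI resource"
}

# "• Name.MODULE(args), ref: ADDR", "• Name.MODULE ref: ADDR" and the indented
# "• Part of subcall function ADDR: Name.MODULE ... ref: ADDR" variants.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int
    subcall_of: Optional[int] = None  # set for "Part of subcall function" rows

    def decoded_message(self) -> Optional[str]:
        """For SendMessageW, name the message constant in the 2nd argument."""
        if self.name != "SendMessageW" or len(self.args) < 2:
            return None
        try:
            msg = int(self.args[1], 16)
        except ValueError:  # argument shown as "?" in the report
            return None
        return WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # "API ID", "String ID", hashes, ...

    def api_set(self) -> set:
        """Direct calls only; subcall rows belong to other functions."""
        return {c.name for c in self.apis if c.subcall_of is None}

    def looks_like_crt_cor_exit(self) -> bool:
        """Heuristic: MSVC CRT exit shim resolving CorExitProcess from mscoree.dll."""
        return ({"GetModuleHandleExW", "GetProcAddress", "FreeLibrary"} <= self.api_set()
                and "CorExitProcess" in self.fields.get("String ID", ""))


def parse_entries(text: str) -> list:
    """Split the report text at each 'APIs' header and collect rows per function."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            sub = int(m["sub"], 16) if m["sub"] else None
            current.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), sub))
            continue
        f = FIELD_LINE.match(line)
        if f:  # Similarity / Memory Dump Source key-value rows
            current.fields[f["key"]] = f["val"]
    return entries


if __name__ == "__main__":
    for i, e in enumerate(parse_entries(SAMPLE)):
        msgs = [c.decoded_message() for c in e.apis if c.decoded_message()]
        print(f"entry {i}: apis={sorted(e.api_set())} messages={msgs} "
              f"strings={e.fields.get('String ID')!r} crt_exit_shim={e.looks_like_crt_cor_exit()}")
```

Run it as a script to see one line per function; the decoded messages show that the ComboBox/ListBox entry reads the current selection and its text (LB_GETCURSEL, LB_GETTEXTLEN, LB_GETTEXT), as an AutoIt GUI control read would, and that the SysAnimate32 entry opens an AVI resource (ACM_OPENW). The API/String IDs and fuzzy hashes are Joe Sandbox's own similarity keys and are kept as opaque strings in `fields`.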
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00494D1E,004A28E9,?,00494CBE,004A28E9,005388B8,0000000C,00494E15,004A28E9,00000002), ref: 00494D8D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00494DA0
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00494D1E,004A28E9,?,00494CBE,004A28E9,005388B8,0000000C,00494E15,004A28E9,00000002,00000000), ref: 00494DC3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00474EDD,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00474EAE
• FreeLibrary.KERNEL32(00000000,?,?,00474EDD,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474EC0
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,004B3CDE,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00474E74
• FreeLibrary.KERNEL32(00000000,?,?,004B3CDE,?,00541418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00474E87
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004E2C05
• DeleteFileW.KERNEL32(?), ref: 004E2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 004E2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004E2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004E2CC0
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 004FA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 004FA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 004FA468
• CloseHandle.KERNEL32(?), ref: 004FA63D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
  • Part of subcall function 004DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,004DCF22,?), ref: 004DDDFD
  • Part of subcall function 004DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,004DCF22,?), ref: 004DDE16
  • Part of subcall function 004DE199: GetFileAttributesW.KERNEL32(?,004DCF95), ref: 004DE19A
• lstrcmpiW.KERNEL32(?,?), ref: 004DE473
• MoveFileW.KERNEL32(?,?), ref: 004DE4AC
• _wcslen.LIBCMT ref: 004DE5EB
• _wcslen.LIBCMT ref: 004DE603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 004DE650
Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3183298772-0
                                                                                                                                                                                                                                                    • Opcode ID: 517b5257abf1401e2618ab05274199d7d0a20d2fbb4db21d7ab1422e01e62764
                                                                                                                                                                                                                                                    • Instruction ID: 458319a642e2a727b2392329b45a98cdd4e95e6cd59ae8f20dd5544aee236bc5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 517b5257abf1401e2618ab05274199d7d0a20d2fbb4db21d7ab1422e01e62764
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0751A2B24083445BCB24EB91DC919DF77DCAF95344F00492FF689C7291EF38A588876A
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,004FB6AE,?,?), ref: 004FC9B5
  • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FC9F1
  • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA68
  • Part of subcall function 004FC998: _wcslen.LIBCMT ref: 004FCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004FBAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004FBB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 004FBB63
• RegCloseKey.ADVAPI32(?,?), ref: 004FBBA6
• RegCloseKey.ADVAPI32(00000000), ref: 004FBBB3
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 0496fb5901e36a058a730713b118c36971dc5fd7a5c39b8d0f32553f93bb994d
• Instruction ID: 7d2e985733aaed45a7e43b6c42005051a2995354e747a9d05d097ae461e728b5
• Opcode Fuzzy Hash: 0496fb5901e36a058a730713b118c36971dc5fd7a5c39b8d0f32553f93bb994d
• Instruction Fuzzy Hash: E161DF70208205AFC714DF14C890E7ABBE4FF85308F14899EF5998B2A2CB35ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 004D8BCD
• VariantClear.OLEAUT32 ref: 004D8C3E
• VariantClear.OLEAUT32 ref: 004D8C9D
• VariantClear.OLEAUT32(?), ref: 004D8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 004D8D3B
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 6499051204d0955b6d9f70830075451dba36ae8fabac53441341a9465fc07906
• Instruction ID: b5442662d777033db70cfcaafbb9ebe0ac937cfc97bcd65c660ce9e603c26e10
• Opcode Fuzzy Hash: 6499051204d0955b6d9f70830075451dba36ae8fabac53441341a9465fc07906
• Instruction Fuzzy Hash: 2B5189B1A00219EFCB10CF28C894AAABBF9FF89310B15855AE905DB350E734E911CF94
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 004E8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 004E8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 004E8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 004E8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 004E8C5F
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 12f0f8b01a1c3a744c80bc9d957e6876e74aaac5d365c738f72d646573895d78
• Instruction ID: 61ccfc47a336055bebc94beef18ea323495d22f8a81a65aaec3c82bbfb7952cf
• Opcode Fuzzy Hash: 12f0f8b01a1c3a744c80bc9d957e6876e74aaac5d365c738f72d646573895d78
• Instruction Fuzzy Hash: F0515C35A00215AFCB10DF65C881AAEBBF1FF49318F18C459E849AB362CB35ED41CB94
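The per-function API listings in these records are what an analyst actually triages: the MoveFileW/SHFileOperationW chain, the RegConnectRegistryW/RegEnumKeyExW chain (RegConnectRegistryW can target a remote machine's registry), and the WritePrivateProfile* INI writes. The report format is regular enough to parse, and one caveat matters when doing so: lines marked "Part of subcall function" are calls made by a callee, not by the function itself, so they should be attributable separately. The Python below is an added example, not Joe Sandbox code or part of this report. It parses bullet lines of exactly this shape into per-function records and applies a few chain heuristics; the RULES table is this example's own choice (an assumption), not a Joe Sandbox signature set, and the SAMPLE input is constructed from the records on this page.

```python
"""Parse Joe Sandbox per-function API listings and flag suspicious call chains.

Added example, not Joe Sandbox code. Input is the bullet format used in the
function records on this page, e.g.

    APIs
      • Part of subcall function 004DDDE0: GetFullPathNameW.KERNEL32(00000000,...), ref: 004DDDFD
    • MoveFileW.KERNEL32(?,?), ref: 004DE4AC
    • _wcslen.LIBCMT ref: 004DE5EB

The chain rules in RULES are this example's own heuristics (assumption).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# One API bullet: optional "Part of subcall function XXXXXXXX:" prefix,
# "Name.MODULE", optional "(args)", then "ref: XXXXXXXX".
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # callee that really makes the call, if any


def parse_records(text: str) -> List[List[ApiCall]]:
    """Split the report into function records, one per 'APIs' header."""
    records: List[List[ApiCall]] = []
    current: Optional[List[ApiCall]] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            records.append(current)
            continue
        m = API_LINE.match(line)
        if m is None or current is None:
            continue            # hash, dump-source and similarity lines
        raw = m["args"]
        args = [a.strip() for a in raw.split(",") if a.strip()] if raw is not None else []
        current.append(ApiCall(
            api=m["api"], module=m["mod"], args=args, ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return records


# Each rule is a list of alternative sets; a record matches when every set
# contributes at least one API present in the record. Example heuristics.
RULES: Dict[str, List[Set[str]]] = {
    "dynamic-api-resolution": [{"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}, {"GetProcAddress"}],
    "remote-registry-enumeration": [{"RegConnectRegistryW"}, {"RegEnumKeyExW", "RegEnumValueW"}],
    "file-relocation": [{"MoveFileW", "MoveFileExW", "SHFileOperationW"}],
    "ini-write": [{"WritePrivateProfileStringW", "WritePrivateProfileSectionW"}],
}


def flag_record(calls: List[ApiCall], include_subcalls: bool = True) -> List[str]:
    """Return the rule names a record satisfies, in RULES order.
    With include_subcalls=False only calls the function itself makes count."""
    names = {c.api for c in calls if include_subcalls or c.subcall_of is None}
    return [rule for rule, groups in RULES.items() if all(names & g for g in groups)]


def triage(text: str) -> List[dict]:
    """Per record: address of its first direct call, API names, and flags."""
    out = []
    for calls in parse_records(text):
        direct = [c for c in calls if c.subcall_of is None] or calls
        out.append({
            "first_ref": f"{direct[0].ref:08X}" if direct else None,
            "apis": [c.api for c in calls],
            "flags": flag_record(calls),
        })
    return out


# Constructed sample: three records in the report's format.
SAMPLE = """\
APIs
  • Part of subcall function 004DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,004DCF22,?), ref: 004DDDFD
  • Part of subcall function 004DE199: GetFileAttributesW.KERNEL32(?,004DCF95), ref: 004DE19A
• lstrcmpiW.KERNEL32(?,?), ref: 004DE473
• MoveFileW.KERNEL32(?,?), ref: 004DE4AC
• _wcslen.LIBCMT ref: 004DE5EB
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 004DE650
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 004FBAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004FBB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 004FBB63
• RegCloseKey.ADVAPI32(00000000), ref: 004FBBB3
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 004F8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 004F8FD0
• FreeLibrary.KERNEL32(00000000), ref: 004F9052
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec["first_ref"], rec["flags"], ", ".join(rec["apis"]))
```

Run it on a saved copy of the report's function section to get one line per function with the chains it satisfies. Passing include_subcalls=False to flag_record is the conservative setting: it attributes a chain only to the function whose own call sites contain it, which avoids tagging every caller of a shared path-handling helper as a file-relocation routine.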
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 004F8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 004F8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 004F8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 004F9032
• FreeLibrary.KERNEL32(00000000), ref: 004F9052
  • Part of subcall function 0048F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,004E1043,?,753CE610), ref: 0048F6E6
  • Part of subcall function 0048F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,004CFA64,00000000,00000000,?,?,004E1043,?,753CE610,?,004CFA64), ref: 0048F70D
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 666041331-0
                                                                                                                                                                                                                                                    • Opcode ID: 18b0d9552a48985f5f9bc6b146149b19c3ebbdd0c926850fc7002dd73f66d8e6
                                                                                                                                                                                                                                                    • Instruction ID: c93f429406153f5eea1b7ddaf3887ec06da364c7f303b304cefed3bd4149c35b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18b0d9552a48985f5f9bc6b146149b19c3ebbdd0c926850fc7002dd73f66d8e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5514C34600209DFC711DF58C4849AEBBF1FF49318B08819AE90A9B362DB35ED86CB95
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00506C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00506C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00506C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,004EAB79,00000000,00000000), ref: 00506C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00506CC7
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: feb2cca8dcb97ec61244c09e59c011976651cf4c72fe162cd10f89f455445b37
• Instruction ID: 4859609eeea5f1968a9ac13ff30a5b1627ebae76646489050ad8cdadd89f075e
• Opcode Fuzzy Hash: feb2cca8dcb97ec61244c09e59c011976651cf4c72fe162cd10f89f455445b37
• Instruction Fuzzy Hash: D241E635A04104AFE724CF28CD59FAD7FA5FB0A350F140628F995AB2E0C771ED61DA40
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1c5452acec4fa182b32f67e8f8d44531032d27cfd49536322dcf8fdbfeb3df5d
• Instruction ID: 41795f860000566b30a29f0e7400385a83c123d017100794ecb99cef87152d8b
• Opcode Fuzzy Hash: 1c5452acec4fa182b32f67e8f8d44531032d27cfd49536322dcf8fdbfeb3df5d
• Instruction Fuzzy Hash: E2413272A002009FCB24DF7CCA80A5EB7E1EF9A314F15456EE605EB391D674AD01EB84
APIs
• GetCursorPos.USER32(?), ref: 00489141
• ScreenToClient.USER32(00000000,?), ref: 0048915E
• GetAsyncKeyState.USER32(00000001), ref: 00489183
• GetAsyncKeyState.USER32(00000002), ref: 0048919D
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 13c1a8a85b4245312963bd6f07b0f44129699e791202c6af89c158678ad4d90d
• Instruction ID: 43b5d5ea49438cb3b4ba33618fcc1486fdf597e590a0af8242b192e727bd9c34
• Opcode Fuzzy Hash: 13c1a8a85b4245312963bd6f07b0f44129699e791202c6af89c158678ad4d90d
• Instruction Fuzzy Hash: 59416E35A0850ABBDF15AF64C848BFEB774FB05324F24861AE425A23D0CB385D54DF95
APIs
• GetInputState.USER32 ref: 004E38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 004E3922
• TranslateMessage.USER32(?), ref: 004E394B
• DispatchMessageW.USER32(?), ref: 004E3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004E3966
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: 0f0ab5631812da542048f188102f3a4211c5a6f110d7ff284a4e4d26032cb204
• Instruction ID: 6c3c1741adf1c395fbacbac79ca7008fef68d4854a5882c9269828b0fbce78b7
• Opcode Fuzzy Hash: 0f0ab5631812da542048f188102f3a4211c5a6f110d7ff284a4e4d26032cb204
• Instruction Fuzzy Hash: 0B3198B45047C19EEB36CF36984DBB73BE8AB16307F04055FE452832A1D3B89689DB19
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,004EC21E,00000000), ref: 004ECF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 004ECF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,004EC21E,00000000), ref: 004ECFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,004EC21E,00000000), ref: 004ECFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,004EC21E,00000000), ref: 004ECFF2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3191363074-0
                                                                                                                                                                                                                                                    • Opcode ID: 772648587a03d0547f5ebca8a4eaf7e91fae36afde8ee1dd22c81d00c5aaa121
                                                                                                                                                                                                                                                    • Instruction ID: 5b42da427ec8a6c3e33e3eb1023ad8024dcff7704cec9affddc9699fd7f0b92f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 772648587a03d0547f5ebca8a4eaf7e91fae36afde8ee1dd22c81d00c5aaa121
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C317F71500245EFDB20DFA6C8C4AAFBBF9EF14316B10442FF506D2280D738AD469B64
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004D1915
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000001,00000201,00000001), ref: 004D19C1
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?), ref: 004D19C9
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000001,00000202,00000000), ref: 004D19DA
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?), ref: 004D19E2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3382505437-0
                                                                                                                                                                                                                                                    • Opcode ID: 62dbf7f99d6ee4aa79e6448907127da22d58891bafe3bce8c47619f3fc022646
                                                                                                                                                                                                                                                    • Instruction ID: dd9138468bb814445548a9bce2f1319406399c8a1db07fed053131f6f48e66c2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62dbf7f99d6ee4aa79e6448907127da22d58891bafe3bce8c47619f3fc022646
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B31AFB1900219EFCB10CFA8C9A9ADE3BB5EB15315F10436AFD21AB3E1C7749944DB91
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00505745
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 0050579D
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 005057AF
                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 005057BA
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00505816
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 763830540-0
                                                                                                                                                                                                                                                    • Opcode ID: f5c4fc71c0e0c7573911fb43bea7fe6f2ab8d7a614aa7dc84f3e85e64c28eeee
                                                                                                                                                                                                                                                    • Instruction ID: 46aacaf1c158dd90706c48c03a27bd7099a3e2af4249ee8d65ffb70dd75690ed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5c4fc71c0e0c7573911fb43bea7fe6f2ab8d7a614aa7dc84f3e85e64c28eeee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B21A075904618AADF208FA4CC84AEE7FBCFF54324F108626E929EA1C0E7708985CF50
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 004F0951
                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 004F0968
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004F09A4
                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,?,00000003), ref: 004F09B0
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000003), ref: 004F09E8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4156661090-0
                                                                                                                                                                                                                                                    • Opcode ID: 817e79b89e707917be08eed7fca3fab65c7bc1006c48fd567b5ccfc1ae25f3b0
                                                                                                                                                                                                                                                    • Instruction ID: 687eac22d8ce95226eef56bb4c31e34fda5d4b609a0bf0c7fc5481c3cebe41fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 817e79b89e707917be08eed7fca3fab65c7bc1006c48fd567b5ccfc1ae25f3b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C921A175600204AFD714EF6AC885EAEBBE5EF49704F00816DF94A97362DB74AC04DB90
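The entries above are easier to triage once the raw call lists are machine-readable: the PostMessageW pair at 004D19C1/004D19DA sends message 0x0201 then 0x0202 (WM_LBUTTONDOWN and WM_LBUTTONUP, a click faked through the message queue, bracketed by Sleep calls), the SendMessageW calls at 00505745/0050579D/00505816 use list-view control messages (0x1053, 0x1074 and 0x1002 are LVM_FINDITEMW, LVM_SETITEMTEXTW and LVM_GETIMAGELIST from commctrl.h), and the WININET entry is a read loop that signals completion with SetEvent. The following Python script is an added example written for this page, not part of the Joe Sandbox report or of its IDA plugin: it parses entries in the plugin's text layout, decodes the window-message argument of Send/PostMessage calls, and tags the behaviours seen in this section. The sample input is constructed from two of the entries shown above, trimmed to the lines the parser needs; the tag names and the regular expressions are this example's own assumptions about the layout, not a Joe Sandbox API.

```python
"""Parse Joe Sandbox IDA-plugin function entries and flag notable API patterns."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two of the entries from the report above, trimmed to the
# lines the parser needs (the real report carries the full Memory Dump Source block).
SAMPLE = """\
APIs
• GetWindowRect.USER32(?,?), ref: 004D1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 004D19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 004D19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 004D19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 004D19E2
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: MessagePostSleep$RectWindow
• Instruction Fuzzy Hash: 1B31AFB1900219EFCB10CFA8C9A9ADE3BB5EB15315F10436AFD21AB3E1C7749944DB91
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,004EC21E,00000000), ref: 004ECF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 004ECF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,004EC21E,00000000), ref: 004ECFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,004EC21E,00000000), ref: 004ECFC8
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• Instruction Fuzzy Hash: 4C317F71500245EFDB20DFA6C8C4AAFBBF9EF14316B10442FF506D2280D738AD469B64
"""

# Window-message constants (winuser.h / commctrl.h, LVM_FIRST = 0x1000) used by the entries above.
WM_NAMES = {
    0x0201: "WM_LBUTTONDOWN",
    0x0202: "WM_LBUTTONUP",
    0x1000 + 2: "LVM_GETIMAGELIST",
    0x1000 + 83: "LVM_FINDITEMW",
    0x1000 + 116: "LVM_SETITEMTEXTW",
}
MESSAGE_APIS = {"PostMessageW", "SendMessageW", "PostMessageA", "SendMessageA"}

# Assumed layout of one API line: "• Name.MODULE(args), ref: ADDR" (args optional,
# optionally prefixed with "Part of subcall function ADDR:").
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
KV_LINE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int
    subcall_of: Optional[int] = None

    def message_id(self) -> Optional[int]:
        """For Send/PostMessage the second argument (hWnd, Msg, ...) is the window message."""
        if self.name not in MESSAGE_APIS or len(self.args) < 2 or self.args[1] == "?":
            return None
        return int(self.args[1], 16)


@dataclass
class Entry:
    apis: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":  # every function entry starts with its API list
            entries.append(Entry())
            section = "apis"
            continue
        if line in ("Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"):
            section = line
            continue
        if not entries:
            continue
        if section == "apis":
            m = API_LINE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                sub = int(m["sub"], 16) if m["sub"] else None
                entries[-1].apis.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16), sub))
        else:
            m = KV_LINE.match(line)
            if m:
                entries[-1].meta[m["key"].strip()] = m["val"].strip()
    return entries


def decode_message(msg: int) -> str:
    return WM_NAMES.get(msg, f"0x{msg:04X}")


def classify(entry: Entry) -> List[str]:
    """Tag names are this example's own; they mirror the behaviours visible in this section."""
    names = [c.name for c in entry.apis]
    msgs = [m for m in (c.message_id() for c in entry.apis) if m is not None]
    tags: List[str] = []
    # WM_LBUTTONDOWN followed by WM_LBUTTONUP posted to a window: a mouse click faked via the queue
    if 0x0201 in msgs and 0x0202 in msgs and msgs.index(0x0201) < msgs.index(0x0202):
        tags.append("synthetic_click")
    if any(WM_NAMES.get(m, "").startswith("LVM_") for m in msgs):
        tags.append("listview_control")
    if "InternetReadFile" in names:
        tags.append("wininet_download")
    if "GetPixel" in names:
        tags.append("screen_probe")
    if "GetEnvironmentStringsW" in names:
        tags.append("environment_read")
    return tags


def summarize(text: str) -> List[dict]:
    rows = []
    for e in parse_entries(text):
        calls = []
        for c in e.apis:
            mid = c.message_id()
            calls.append(f"{c.name}[{decode_message(mid)}]" if mid is not None else c.name)
        rows.append({"api_id": e.meta.get("API ID", ""),
                     "fuzzy_hash": e.meta.get("Instruction Fuzzy Hash", ""),
                     "calls": calls, "tags": classify(e)})
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row["api_id"], row["tags"], " -> ".join(row["calls"]))
```

Run against the full report text instead of SAMPLE to get one row per function; the Instruction Fuzzy Hash column is what you would pivot on to find the same routine in other samples, while the decoded call sequence shows at a glance which entries drive the UI and which touch the network.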
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 004ACDC6
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004ACDE9
                                                                                                                                                                                                                                                      • Part of subcall function 004A3820: RtlAllocateHeap.NTDLL(00000000,?,00541444,?,0048FDF5,?,?,0047A976,00000010,00541440,004713FC,?,004713C6,?,00471129), ref: 004A3852
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004ACE0F
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004ACE22
                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004ACE31
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 336800556-0
                                                                                                                                                                                                                                                    • Opcode ID: ada0d713c7822f17188498602083b954147793e7e5191899de2194e52e55d57c
                                                                                                                                                                                                                                                    • Instruction ID: ddbbfefa0f4a46a301ea5a79ffa865b32cac17fbd58c780637b549513557401e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ada0d713c7822f17188498602083b954147793e7e5191899de2194e52e55d57c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE01D4726022157F67611BBA6CC8C7F6D6DDEE7BA1315022FF905DB301EA688D0291F8
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00489693
• SelectObject.GDI32(?,00000000), ref: 004896A2
• BeginPath.GDI32(?), ref: 004896B9
• SelectObject.GDI32(?,00000000), ref: 004896E2
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: f289bff782ffc9c7b9d59efdc9c9f82b092638b72cbde145400c6f76214ee757
• Instruction ID: 40bf225ffa719813e1cb5169a81341fe3740b3385ef3c89b20de064383e714a7
• Opcode Fuzzy Hash: f289bff782ffc9c7b9d59efdc9c9f82b092638b72cbde145400c6f76214ee757
• Instruction Fuzzy Hash: 08213034801A05EBDB11AF64DC187FE3BA4BB62359F144616F411A71B0E3785C99EB9C
APIs
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: a643f2b92e09c985ad331bab19414312881bc57016e5969837065d9c7bd42f92
• Instruction ID: 5690b27b5a9e74c20027b838497f7fb58112fb5818bf7ee5e89efb8bdccaaaf5
• Opcode Fuzzy Hash: a643f2b92e09c985ad331bab19414312881bc57016e5969837065d9c7bd42f92
• Instruction Fuzzy Hash: F001D26124560AFBFA2851119D92EBB775CAB21398F200037FD049AB81FA28ED1186A9
APIs
• GetLastError.KERNEL32(?,?,?,0049F2DE,004A3863,00541444,?,0048FDF5,?,?,0047A976,00000010,00541440,004713FC,?,004713C6), ref: 004A2DFD
• _free.LIBCMT ref: 004A2E32
• _free.LIBCMT ref: 004A2E59
• SetLastError.KERNEL32(00000000,00471129), ref: 004A2E66
• SetLastError.KERNEL32(00000000,00471129), ref: 004A2E6F
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 7eacd06f08b8e24b4d3300000dc7abc37dce8ece1a4064ac623196b26d036c14
• Instruction ID: 02311bbe23abbaf4df23c9704e11a2fbd7263cbdeeac15b6799472c9e6f835b8
• Opcode Fuzzy Hash: 7eacd06f08b8e24b4d3300000dc7abc37dce8ece1a4064ac623196b26d036c14
• Instruction Fuzzy Hash: F901D6722056006BC612273E6E45D6F2A5DABF3779721052BF425A2292EAEC8C457129
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?,?,004D035E), ref: 004D002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?), ref: 004D0046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?), ref: 004D0054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?), ref: 004D0064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,004CFF41,80070057,?,?), ref: 004D0070
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: dd260a22c4ca0d04fa006d4bd14e4e8b0bb4dfd29e68f535f32d876f8d3c5168
• Instruction ID: 6a14c1d08597b404750e0be330ad522109187c4d1e7db6fe54d09fbe7f79a2da
• Opcode Fuzzy Hash: dd260a22c4ca0d04fa006d4bd14e4e8b0bb4dfd29e68f535f32d876f8d3c5168
• Instruction Fuzzy Hash: 2C017C72600204BBDB124F68EC04BAE7EADEF84752F148226F905E3310D779DD449BA4
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 004DE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 004DE9A5
• Sleep.KERNEL32(00000000), ref: 004DE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 004DE9B7
• Sleep.KERNEL32 ref: 004DE9F3
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 66f576f98f95479b81f0fe0b3c64bdc8b9a29ea8c5003ce86478e07dd1438992
• Instruction ID: e3d96850ae5e8c399d301723cacbcf2664d51d30d8623930f1c7c2bf87731a49
• Opcode Fuzzy Hash: 66f576f98f95479b81f0fe0b3c64bdc8b9a29ea8c5003ce86478e07dd1438992
• Instruction Fuzzy Hash: 0A016D71C02529DBCF00AFE6DD696DEBB78FF1A300F000697E502B6240CB389555DBA9
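The call chain in the function above (QueryPerformanceCounter, QueryPerformanceFrequency, Sleep, QueryPerformanceCounter) is the pattern behind the report's "execution timing, often used to detect debuggers" signature: the code reads a high-resolution counter, sleeps, reads it again and compares the measured interval with the one it requested. A debugger that single-steps or breaks inside the window makes the interval far too long; a sandbox that hooks Sleep to skip delays makes it far too short. The block below is an added example, not code from the analysed sample, from AutoIt or from Joe Sandbox. It reproduces that check so an analyst can see what the chain actually measures; the function names timing_anomalous and timing_check and the 10 percent early / slack_ms late thresholds are assumptions chosen for illustration, and on non-Windows builds the Windows calls are replaced with clock_gettime and nanosleep so the logic can be exercised anywhere.

```c
/* Added example: reproduces the timing check implied by the API chain
 * QueryPerformanceCounter -> QueryPerformanceFrequency -> Sleep -> QueryPerformanceCounter.
 * Not code from the analysed sample. Names and thresholds are assumptions. */
#ifndef _WIN32
#define _POSIX_C_SOURCE 199309L   /* clock_gettime / nanosleep on POSIX builds */
#endif
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <time.h>
#endif

/* Read a monotonic counter and its frequency in ticks per second.
 * On Windows this is exactly the QPC/QPF pair seen in the report. */
static void read_counter(uint64_t *ticks, uint64_t *freq)
{
#ifdef _WIN32
    LARGE_INTEGER c, f;
    QueryPerformanceCounter(&c);
    QueryPerformanceFrequency(&f);
    *ticks = (uint64_t)c.QuadPart;
    *freq = (uint64_t)f.QuadPart;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    *ticks = (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
    *freq = 1000000000ULL;
#endif
}

/* The Sleep call that sits between the two counter reads. */
static void sleep_ms(unsigned ms)
{
#ifdef _WIN32
    Sleep(ms);
#else
    struct timespec ts = { (time_t)(ms / 1000), (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
#endif
}

/* Pure decision logic (assumed thresholds): convert the tick delta to
 * milliseconds and compare it with the requested sleep.
 * Returns 1 if the interval is implausible:
 *   - counter went backwards or frequency is zero (tampered/hooked),
 *   - more than 10 percent shorter than requested (Sleep was skipped), or
 *   - more than slack_ms longer than requested (single-stepped / breakpoint). */
int timing_anomalous(uint64_t before, uint64_t after, uint64_t freq,
                     unsigned expected_ms, unsigned slack_ms)
{
    if (after < before || freq == 0)
        return 1;
    uint64_t elapsed_ms = (after - before) * 1000ULL / freq;
    if (elapsed_ms * 10ULL < (uint64_t)expected_ms * 9ULL)
        return 1;                                   /* too fast: sleep skipped */
    if (elapsed_ms > (uint64_t)expected_ms + slack_ms)
        return 1;                                   /* too slow: being stepped */
    return 0;
}

/* One full check, mirroring the flagged call sequence. */
int timing_check(unsigned expected_ms, unsigned slack_ms)
{
    uint64_t before, after, freq;
    read_counter(&before, &freq);
    sleep_ms(expected_ms);
    read_counter(&after, &freq);
    return timing_anomalous(before, after, freq, expected_ms, slack_ms);
}

int main(void)
{
    int anomalous = timing_check(50, 200);
    printf("timing check: %s\n", anomalous ? "anomalous" : "normal");
    return 0;
}
```

The same sequence is also what an ordinary high-resolution sleep or timer implementation looks like, so on its own the signature is a lead rather than proof of anti-debugging; what separates the two is whether the delta feeds a branch that changes behaviour, which is worth confirming in the disassembly at the referenced addresses.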
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 004D1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,004D0B9B,?,?,?), ref: 004D1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 004D114D
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: b6d3f254e8bce8d9f7c53e50197e14d094bc3fd884f90972806e5b6f22522e03
• Instruction ID: e8da5e65db1080d1a22bc2ed15481432b2ee1a8064233dab3b87009593aa3a7d
• Opcode Fuzzy Hash: b6d3f254e8bce8d9f7c53e50197e14d094bc3fd884f90972806e5b6f22522e03
• Instruction Fuzzy Hash: D001F675200205BFEB114BA5DC5DA6F3F7EEF8A2A0B20451AFA45D6360DA31DC04AA60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004D0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004D0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004D0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004D0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004D1002
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: c0054e8701cabe017b0be2cf2ae5903d40b598ac4a6d185130099032fa2682f1
• Instruction ID: e60403515e0195099d80dbef31091a6ff7a3537e9b79d1096d2aa55d69ea3aaa
• Opcode Fuzzy Hash: c0054e8701cabe017b0be2cf2ae5903d40b598ac4a6d185130099032fa2682f1
• Instruction Fuzzy Hash: F1F0A935200301BBDB221FA5AC5DF5B3FADEF9A762F100516FA05C63A0CA30DC40DA60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 004D102A
• GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 004D1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 004D1045
• HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 004D104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 004D1062
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: ff6666752a3ecf6c8cd95dda319ed205d1f91f975653c6379a3c1a04168f12d5
• Instruction ID: 4a9b5baecc1695c2feb33c408b3d84692b12a7dfc6cd14892d8bc147b4325382
• Opcode Fuzzy Hash: ff6666752a3ecf6c8cd95dda319ed205d1f91f975653c6379a3c1a04168f12d5
• Instruction Fuzzy Hash: 77F04935200301BBDB226FA5EC59F5B3FADEF9A761F100516FA45D6360CA74D844DA60
APIs
• CloseHandle.KERNEL32(?,?,?,?,004E017D,?,004E32FC,?,00000001,004B2592,?), ref: 004E0324
• CloseHandle.KERNEL32(?,?,?,?,004E017D,?,004E32FC,?,00000001,004B2592,?), ref: 004E0331
• CloseHandle.KERNEL32(?,?,?,?,004E017D,?,004E32FC,?,00000001,004B2592,?), ref: 004E033E
• CloseHandle.KERNEL32(?,?,?,?,004E017D,?,004E32FC,?,00000001,004B2592,?), ref: 004E034B
• CloseHandle.KERNEL32(?,?,?,?,004E017D,?,004E32FC,?,00000001,004B2592,?), ref: 004E0358
• CloseHandle.KERNEL32(?,?,?,?,004E017D,?,004E32FC,?,00000001,004B2592,?), ref: 004E0365
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CloseHandle
• String ID:
                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c1c4d1f7231fbdc50a20cd6ed3051e975576280fa726dad0591fdc3a409bbb3
                                                                                                                                                                                                                                                    • Instruction ID: 6186346147452242680ac070357cc7477384b08cdc94db2fd7d1e86a79dba7bb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c1c4d1f7231fbdc50a20cd6ed3051e975576280fa726dad0591fdc3a409bbb3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7601A272800B559FC7309F66D880417FBF5BF603163158A3FD1A652A31C3B5A998DF84
APIs
• _free.LIBCMT ref: 004AD752
  • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000), ref: 004A29DE
  • Part of subcall function 004A29C8: GetLastError.KERNEL32(00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000,00000000), ref: 004A29F0
• _free.LIBCMT ref: 004AD764
• _free.LIBCMT ref: 004AD776
• _free.LIBCMT ref: 004AD788
• _free.LIBCMT ref: 004AD79A
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 7351c552f7f4425a21a4b22cd93171cde48436d7f9d19390c48bb03a3e71ea50
• Instruction ID: 45f082cf26692971310dfb941a584a04cc3e9d52c6c44435300ceb444453a397
• Opcode Fuzzy Hash: 7351c552f7f4425a21a4b22cd93171cde48436d7f9d19390c48bb03a3e71ea50
• Instruction Fuzzy Hash: 78F044B6A04204AF8655EB59F9C1C177BDDBB26710B95080BF046E7A12C728FC805779
APIs
• GetDlgItem.USER32(?,000003E9), ref: 004D5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 004D5C6F
• MessageBeep.USER32(00000000), ref: 004D5C87
• KillTimer.USER32(?,0000040A), ref: 004D5CA3
• EndDialog.USER32(?,00000001), ref: 004D5CBD
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 875ce5532a31d880114fca4343f8a56cb0c8f9b61f7f64b1d8578894cb2398ec
• Instruction ID: e453f80578fb40d16f8327d4fd74a7d1330dce085df31d7f4b03140126557596
• Opcode Fuzzy Hash: 875ce5532a31d880114fca4343f8a56cb0c8f9b61f7f64b1d8578894cb2398ec
• Instruction Fuzzy Hash: F001D630500B04ABFB305B14DD5EFAA7BB8BB11B05F04025BA583A11E1DFF5A9889A95
APIs
• _free.LIBCMT ref: 004A22BE
  • Part of subcall function 004A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000), ref: 004A29DE
  • Part of subcall function 004A29C8: GetLastError.KERNEL32(00000000,?,004AD7D1,00000000,00000000,00000000,00000000,?,004AD7F8,00000000,00000007,00000000,?,004ADBF5,00000000,00000000), ref: 004A29F0
• _free.LIBCMT ref: 004A22D0
• _free.LIBCMT ref: 004A22E3
• _free.LIBCMT ref: 004A22F4
• _free.LIBCMT ref: 004A2305
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: c7f1ae82346077882c8f40a0783e507d79e5a1f908ac2e47c9fcb3d24a0fd9ad
• Instruction ID: 8431428cf0243d2b27b5b7b469e549bec02be338dbf49260656d38caff8bf745
• Opcode Fuzzy Hash: c7f1ae82346077882c8f40a0783e507d79e5a1f908ac2e47c9fcb3d24a0fd9ad
• Instruction Fuzzy Hash: B9F06DFD5006109B8712AF69AD0188A3F68B73BB59700111BF400D23B1C7B80549BBED
APIs
• EndPath.GDI32(?), ref: 004895D4
• StrokeAndFillPath.GDI32(?,?,004C71F7,00000000,?,?,?), ref: 004895F0
• SelectObject.GDI32(?,00000000), ref: 00489603
• DeleteObject.GDI32 ref: 00489616
• StrokePath.GDI32(?), ref: 00489631
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: b0330e2ecd84c19551d52568763cc24b379b46be28042d0d2b63836c2edeeec9
• Instruction ID: 7bb9b29cb07f2153c2f5873253872b3b34ec52e59247fda4a58091797522b086
• Opcode Fuzzy Hash: b0330e2ecd84c19551d52568763cc24b379b46be28042d0d2b63836c2edeeec9
• Instruction Fuzzy Hash: E1F03139005A04EBD7165F55ED1C7BD3F61A722326F048315F425561F0D7344999EF28
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 020c262733737ee0ad7fbd721fbf1c117e7630181721d0320e373b75d4919210
• Instruction ID: 64ab8e32415603d7377fca77d27a1fe9ddaa612669bb4ce838d4fb492a215112
• Opcode Fuzzy Hash: 020c262733737ee0ad7fbd721fbf1c117e7630181721d0320e373b75d4919210
• Instruction Fuzzy Hash: CAD1F2719042069AEF249F68C855BFBB7B0EF27300F18415BE901ABB60D37D9D81CB59
APIs
  • Part of subcall function 00490242: EnterCriticalSection.KERNEL32(0054070C,00541884,?,?,0048198B,00542518,?,?,?,004712F9,00000000), ref: 0049024D
  • Part of subcall function 00490242: LeaveCriticalSection.KERNEL32(0054070C,?,0048198B,00542518,?,?,?,004712F9,00000000), ref: 0049028A
  • Part of subcall function 004900A3: __onexit.LIBCMT ref: 004900A9
• __Init_thread_footer.LIBCMT ref: 004F6238
  • Part of subcall function 004901F8: EnterCriticalSection.KERNEL32(0054070C,?,?,00488747,00542514), ref: 00490202
  • Part of subcall function 004901F8: LeaveCriticalSection.KERNEL32(0054070C,?,00488747,00542514), ref: 00490235
  • Part of subcall function 004E359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 004E35E4
  • Part of subcall function 004E359C: LoadStringW.USER32(00542390,?,00000FFF,?), ref: 004E360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
• String ID: x#T$x#T$x#T
• API String ID: 1072379062-3988759949
• Opcode ID: 10cec3d8ffd86ced27b8637477cd9c336e1f186c421514599dee2a887cfba976
• Instruction ID: d64b40fdb27df88cd3bdd494bc915b0f3f4f254b10da49439bd6017dc602c8ed
• Opcode Fuzzy Hash: 10cec3d8ffd86ced27b8637477cd9c336e1f186c421514599dee2a887cfba976
• Instruction Fuzzy Hash: 56C17E71A00109AFCB14EF59D891DBEB7B9EF48304F11806AFA05AB291D778ED45CB98
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID: JOG
• API String ID: 0-487937789
• Opcode ID: b7cb7da39412467606a9ba40a5c64b7f7da4ecd9c092248bde95ef4c7bebe875
• Instruction ID: 1701465e041147f83cc2ca95d82a64ef418b63b7a6db58a814767c6aea88e546
• Opcode Fuzzy Hash: b7cb7da39412467606a9ba40a5c64b7f7da4ecd9c092248bde95ef4c7bebe875
• Instruction Fuzzy Hash: 2D51D175D00609ABCF109FA5CA45BEF7FB4AF26324F14006BF404A7291D6399901DB69
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 004A8B6E
• GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 004A8B7A
• __dosmaperr.LIBCMT ref: 004A8B81
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .I
• API String ID: 2434981716-2795939834
• Opcode ID: fdb4f624d5e06220232f89c346b14a27467a56e615b51d2bfd03c56c56728553
• Instruction ID: 81c0ffc85691e8090dd0720e71aa1c30d2db17f8bf22cee2f90f06aeefdd47ec
• Opcode Fuzzy Hash: fdb4f624d5e06220232f89c346b14a27467a56e615b51d2bfd03c56c56728553
• Instruction Fuzzy Hash: 72416074604045AFDB249F54CC80A7E7FA5DBA7304B2841AFF88587252DD39DC06D7A8
APIs
  • Part of subcall function 004DB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004D21D0,?,?,00000034,00000800,?,00000034), ref: 004DB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004D2760
  • Part of subcall function 004DB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004D21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 004DB3F8
  • Part of subcall function 004DB32A: GetWindowThreadProcessId.USER32(?,?), ref: 004DB355
  • Part of subcall function 004DB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,004D2194,00000034,?,?,00001004,00000000,00000000), ref: 004DB365
  • Part of subcall function 004DB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,004D2194,00000034,?,?,00001004,00000000,00000000), ref: 004DB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004D27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004D281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: 63723874eaab16a6640030e83e55d4ee7e1a3cbb0493cd123ce884006df78940
                                                                                                                                                                                                                                                    • Instruction ID: cd10c01e6e929f416c6b492051cca183274c7be94ff1c8e073f2f03b1c2bb277
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63723874eaab16a6640030e83e55d4ee7e1a3cbb0493cd123ce884006df78940
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C416C72900218BFDB20DBA4CD55AEEBBB8EF19304F00405AFA45B7281DB746E45DBA0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 004A1769
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A1834
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 004A183E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    • API String ID: 2506810119-1957095476
                                                                                                                                                                                                                                                    • Opcode ID: eb46f08aff76f9ffccee85667a121d551d5bde21ea66acf92d0fc97990274b34
                                                                                                                                                                                                                                                    • Instruction ID: be91c4eb769777cd22dbb5a93d910aa5ed7ad4be0cf93fa2259b1a2fd9f71b9b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb46f08aff76f9ffccee85667a121d551d5bde21ea66acf92d0fc97990274b34
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38318679A04218AFDB11DB9A9881D9FBBFCEBA6314F10416BF404D7321D6B84E44D798
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 004DC306
                                                                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 004DC34C
                                                                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00541990,00F757E0), ref: 004DC395
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: 6c7789ba1444a7484b1ae03ecf51b11ad83bbe60dbfe6fee4afb3c290635befc
                                                                                                                                                                                                                                                    • Instruction ID: 775ccba8c1a9d5a70457f6a95f88896421371fc3c576212b30daf6117758d57d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c7789ba1444a7484b1ae03ecf51b11ad83bbe60dbfe6fee4afb3c290635befc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0241AE31204342AFDB20DF29D894B5ABBA4AF85314F00861FFDA5973D1C738A804CB6A
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0050CC08,00000000,?,?,?,?), ref: 005044AA
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32 ref: 005044C7
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005044D7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Long
                                                                                                                                                                                                                                                    • String ID: SysTreeView32
                                                                                                                                                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                    • Opcode ID: 8d4850319fcee3b2223847a1e123e4319a77642416338a8be517aa4a437bbfd4
                                                                                                                                                                                                                                                    • Instruction ID: d8f71bc8a42931c6a7b7ab72ba49f4e6a089150a77eae38f32f53f5dd8888767
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d4850319fcee3b2223847a1e123e4319a77642416338a8be517aa4a437bbfd4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD319A72200605ABDF209F38DC45BEE7BA9FB09328F244719FA79921E0D774AC509B50
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SysReAllocString.OLEAUT32(?,?), ref: 004D6EED
                                                                                                                                                                                                                                                    • VariantCopyInd.OLEAUT32(?,?), ref: 004D6F08
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004D6F12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                    • String ID: *jM
APIs
• Part of subcall function 004F335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,004F3077,?,?), ref: 004F3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 004F307A
• _wcslen.LIBCMT ref: 004F309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 004F3106
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00503F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00503F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00503F78
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00504705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00504713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0050471A
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
APIs
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00503840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00503850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00503876
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
                                                                                                                                                                                                                                                    • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                    • Opcode ID: 31446ffc7484e0171b7c37c3808b066d8fe58ecd74c259e7d997634e39c70ad4
                                                                                                                                                                                                                                                    • Instruction ID: b09bfc6a260f5d00bc04a0c584dd4a77108c7ae5a7a0ffa7af1be560b524626b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31446ffc7484e0171b7c37c3808b066d8fe58ecd74c259e7d997634e39c70ad4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D218E72610218BBEB218F64CC85EBF3B6EFF99754F118124F9449B1D0CA71DD5297A0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 004E4A08
                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 004E4A5C
                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,0050CC08), ref: 004E4AD0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                    • String ID: %lu
                                                                                                                                                                                                                                                    • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                    • Opcode ID: b04e01612c6860dcf06df013ab21efae91e011555cd00cf162f645034acd3221
                                                                                                                                                                                                                                                    • Instruction ID: f6214ae89fba2c2afe655d08d72a6bf898fc018f8d5c2c356105e725da0b54d3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b04e01612c6860dcf06df013ab21efae91e011555cd00cf162f645034acd3221
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05318E70A00208AFDB10DF55C885EAE7BF8EF49318F1480AAE809DB352D775ED45CB65
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0050424F
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00504264
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00504271
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                    • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                    • Opcode ID: b27952d80a9e151d1e5ae551029c2fe09a5be49c415fa539b752c6059ad8a9cd
                                                                                                                                                                                                                                                    • Instruction ID: 2affbce65e3407dda7aa77ee6c36dce6e25387e83907934615592cbbdfd3fcd6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b27952d80a9e151d1e5ae551029c2fe09a5be49c415fa539b752c6059ad8a9cd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1011A371340249BEEF209F69CC06FAB3BACFF95B54F110518FA55E60D0D671D8619B14
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
                                                                                                                                                                                                                                                      • Part of subcall function 004D2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004D2DC5
                                                                                                                                                                                                                                                      • Part of subcall function 004D2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 004D2DD6
                                                                                                                                                                                                                                                      • Part of subcall function 004D2DA7: GetCurrentThreadId.KERNEL32 ref: 004D2DDD
                                                                                                                                                                                                                                                      • Part of subcall function 004D2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 004D2DE4
                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 004D2F78
                                                                                                                                                                                                                                                      • Part of subcall function 004D2DEE: GetParent.USER32(00000000), ref: 004D2DF9
                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 004D2FC3
                                                                                                                                                                                                                                                    • EnumChildWindows.USER32(?,004D303B), ref: 004D2FEB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                    • String ID: %s%d
                                                                                                                                                                                                                                                    • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                    • Opcode ID: da5615dc3558bde4bf55bf41ac0b702f93d764b37609ebef3beaa00890638beb
                                                                                                                                                                                                                                                    • Instruction ID: b4adbed485c505f4cf3cc0b6195454cde30ee5cd6218fce434b4e103c1905724
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da5615dc3558bde4bf55bf41ac0b702f93d764b37609ebef3beaa00890638beb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 671127712002046BCF11BF758C95EEE376BAFA5308F00807BF9099B382DE785A098B24
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005058C1
                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005058EE
                                                                                                                                                                                                                                                    • DrawMenuBar.USER32(?), ref: 005058FD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 3227129158-4108050209
• Opcode ID: 27d8fcef9a16c9b9ec3c74868809178cd9a1888cbe54b4a6df265ac139725bac
• Instruction ID: 900b8ee44736b99c62a70bf83e39961b100d1f962140ae0dc7c06e3344534fd2
• Opcode Fuzzy Hash: 27d8fcef9a16c9b9ec3c74868809178cd9a1888cbe54b4a6df265ac139725bac
• Instruction Fuzzy Hash: C2016D35500218EFDB219F11DC44BAFBFB4FB45361F10889AF849D6191EB308A98EF21
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 004CD3BF
• FreeLibrary.KERNEL32 ref: 004CD3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: ff99738964af57e2d1e822f7498dfeaa145781428f04fd00bf4898e915bb1973
• Instruction ID: d0008751c9b63ec100f44674fd4e1a000bafb712af4ce8a4d6a4df68b2109350
• Opcode Fuzzy Hash: ff99738964af57e2d1e822f7498dfeaa145781428f04fd00bf4898e915bb1973
• Instruction Fuzzy Hash: EFF02079C02A219AC7B117104C24FAF7B54AF22701F648ABFA802E5298D72CCC85829E
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e55e69a4f8726d487a881da4799a8c4983774d6c93a304a9ba5dc6ad1bbfe85
• Instruction ID: 03f445afe631f117731ccbca92b69726a6b3bcdcdcabf63962776b61f6525694
• Opcode Fuzzy Hash: 3e55e69a4f8726d487a881da4799a8c4983774d6c93a304a9ba5dc6ad1bbfe85
• Instruction Fuzzy Hash: 53C12975A00206AFDB14CFA4C8A4BAEB7B5FF48704F10859AE905EB351D735EE41CB94
APIs
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: b47e0d59f255d5512d297e3d9cb749b8f6ffe7608e6a63b9f1a8896e1f38a01d
• Instruction ID: fb79299a3a52d85b7c3b64299be5e8cbf418126f05c66c82df3e4042ca4ee832
• Opcode Fuzzy Hash: b47e0d59f255d5512d297e3d9cb749b8f6ffe7608e6a63b9f1a8896e1f38a01d
• Instruction Fuzzy Hash: 0CA17E75204204AFC710EF25C485A6EB7E4FF88719F14885EF9499B362DB38ED05CB5A
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0050FC08,?), ref: 004D05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0050FC08,?), ref: 004D0608
• CLSIDFromProgID.OLE32(?,?,00000000,0050CC40,000000FF,?,00000000,00000800,00000000,?,0050FC08,?), ref: 004D062D
• _memcmp.LIBVCRUNTIME ref: 004D064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 900715c3461a98e98f4af22984943589d76556babe219089f1297c636783634b
• Instruction ID: 77e866ea1e5379f0d123eb9cd2fabbf0350c9241fcd851604200877a6b66424a
• Opcode Fuzzy Hash: 900715c3461a98e98f4af22984943589d76556babe219089f1297c636783634b
• Instruction Fuzzy Hash: 3F813B71A00109EFCF04DF94C994EEEB7B9FF89315F20419AE506AB250DB75AE06CB64
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 004FA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 004FA6BA
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• Process32NextW.KERNEL32(00000000,?), ref: 004FA79C
• CloseHandle.KERNEL32(00000000), ref: 004FA7AB
  • Part of subcall function 0048CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,004B3303,?), ref: 0048CE8A
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: 327f2cf1062f8184c8d018739c5ff5a894bfae5f5258bb67668f9ce7cdf176aa
• Instruction ID: 2833be44a6898bed500a4a20a34ef235a22d448519161ce8e3be2051d8e256cc
• Opcode Fuzzy Hash: 327f2cf1062f8184c8d018739c5ff5a894bfae5f5258bb67668f9ce7cdf176aa
• Instruction Fuzzy Hash: F3511CB15083009FD710EF25C886A6FBBE8FF99758F00891EF58997252EB74D904CB96
APIs
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                    • Opcode ID: 3c4640a461ee5d7e5a07bf374245cc2e5066937163e2446feaadc0a6feec3f9b
                                                                                                                                                                                                                                                    • Instruction ID: 2a90bfae54953f1d30fa8e5a0ac5150eb9d402d5173a4e1816daf3cdff17ba07
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c4640a461ee5d7e5a07bf374245cc2e5066937163e2446feaadc0a6feec3f9b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B415E31600100ABDF256BBE8C55BEF3EA4EF56378F64027BF418D62A1E63C4945527A
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 005062E2
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00506315
                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00506382
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3880355969-0
                                                                                                                                                                                                                                                    • Opcode ID: 6f3e42622ba83541d15b03fa29767099522cf7d7c0129b5dbc8e99bf1b19204e
                                                                                                                                                                                                                                                    • Instruction ID: 8ea59a75c03635bee24c5b6c7ae4beef3b66ff81efef404ea9acf8e1c07a260b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f3e42622ba83541d15b03fa29767099522cf7d7c0129b5dbc8e99bf1b19204e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3513874A00209EFDB20DF68D881AEE7BB5FB55364F108669F8159B2E0D730ED91DB90
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 004F1AFD
                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 004F1B0B
                                                                                                                                                                                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 004F1B8A
                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 004F1B94
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1881357543-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c736370e8ed892a242133648d71e294b382a5ca36d44d9a5207121ad64bf6d1
                                                                                                                                                                                                                                                    • Instruction ID: 3df1f1292e88970b41686f18c36b68910dc160822e7cc46294ecb95465836e87
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c736370e8ed892a242133648d71e294b382a5ca36d44d9a5207121ad64bf6d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F341C034640200AFE720AF21C886F6A77E5AB45718F54C44DFA1A9F3D3D67AED418B94
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e7b45d9dea67b73018a17135f883f39a0148e8c05b0aa73ca5cab37082b35beb
                                                                                                                                                                                                                                                    • Instruction ID: 34aabb176c873a165a9ed804e19cd48ac25ae709b72bd854e61436e4cfd376e8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7b45d9dea67b73018a17135f883f39a0148e8c05b0aa73ca5cab37082b35beb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9412475A00304BFE7249F39CC42BAABBE9EB99714F10452FF541DB292D379A90187D4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 004E5783
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 004E57A9
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 004E57CE
                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 004E57FA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3321077145-0
                                                                                                                                                                                                                                                    • Opcode ID: a82d5807396fd1f1be2b604f90ccf3a79b9f5d78ee1c558402e16e4520f59b60
                                                                                                                                                                                                                                                    • Instruction ID: c509fd81218aebaba62c5cbd23f5c2bf9c989d4649466e4b74c21f19f14d5266
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a82d5807396fd1f1be2b604f90ccf3a79b9f5d78ee1c558402e16e4520f59b60
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F414139600610DFCB11EF16C544A5EBBE2EF49719B18C48EE84A5B761CB38FD00CB95
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,00496D71,00000000,00000000,004982D9,?,004982D9,?,00000001,00496D71,?,00000001,004982D9,004982D9), ref: 004AD910
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004AD999
                                                                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 004AD9AB
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 004AD9B4
                                                                                                                                                                                                                                                      • Part of subcall function 004A3820: RtlAllocateHeap.NTDLL(00000000,?,00541444,?,0048FDF5,?,?,0047A976,00000010,00541440,004713FC,?,004713C6,?,00471129), ref: 004A3852
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00505352
• GetWindowLongW.USER32(?,000000F0), ref: 00505375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00505382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005053A8
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 004DABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 004DAC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 004DAC74
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 004DACC6
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 0050769A
• GetWindowRect.USER32(?,?), ref: 00507710
• PtInRect.USER32(?,?,00508B89), ref: 00507720
• MessageBeep.USER32(00000000), ref: 0050778C
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 005016EB
  • Part of subcall function 004D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 004D3A57
  • Part of subcall function 004D3A3D: GetCurrentThreadId.KERNEL32 ref: 004D3A5E
  • Part of subcall function 004D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,004D25B3), ref: 004D3A65
• GetCaretPos.USER32(?), ref: 005016FF
• ClientToScreen.USER32(00000000,?), ref: 0050174C
• GetForegroundWindow.USER32 ref: 00501752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
                                                                                                                                                                                                                                                    • Opcode ID: 95f71bed94d4886bb827ff2c474d4a2c9652990e1eab9198deb612034cb2615d
                                                                                                                                                                                                                                                    • Instruction ID: ced6180510560784db49be80c0bfe3db0a71fc7fddce29c75e429033eca84eeb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95f71bed94d4886bb827ff2c474d4a2c9652990e1eab9198deb612034cb2615d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8312D75D00149AFCB10DFAAC881CEEBBF9EF49308B5080AEE415A7251D7359E45CBA5
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00509001
                                                                                                                                                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,004C7711,?,?,?,?,?), ref: 00509016
                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 0050905E
                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,004C7711,?,?,?), ref: 00509094
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2864067406-0
                                                                                                                                                                                                                                                    • Opcode ID: bd970cac9742a44ae9e94a3d139c97e73bee75e4a7c1367730f23b3b0c5381df
                                                                                                                                                                                                                                                    • Instruction ID: 9eb4e958fdb2a2eefc595a940a93eb86746471564c164ae2a7bf9c49a9c5cd6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd970cac9742a44ae9e94a3d139c97e73bee75e4a7c1367730f23b3b0c5381df
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91218D35600018AFDB258F94CCA8EFE7FB9FB4A350F044559F9454B2A2C3319994EB60
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,0050CB68), ref: 004DD2FB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004DD30A
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 004DD319
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0050CB68), ref: 004DD376
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2267087916-0
                                                                                                                                                                                                                                                    • Opcode ID: 6f7bff1b3dadaef4c9f2cf00b6e3f4b5c681c35294d50cbba98a2bf9f767d685
                                                                                                                                                                                                                                                    • Instruction ID: 27b24a28b4f05b3c4c709a11080aa1b655c9868a06941c6b24a0d563d92e7fcd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f7bff1b3dadaef4c9f2cf00b6e3f4b5c681c35294d50cbba98a2bf9f767d685
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 802180749042019FC310DF28C8918AF7BE4AF56368F504A1FF899C33A1D734994ACB97
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 004D102A
                                                                                                                                                                                                                                                      • Part of subcall function 004D1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 004D1036
                                                                                                                                                                                                                                                      • Part of subcall function 004D1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004D1045
                                                                                                                                                                                                                                                      • Part of subcall function 004D1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 004D104C
                                                                                                                                                                                                                                                      • Part of subcall function 004D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004D1062
                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 004D15BE
                                                                                                                                                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 004D15E1
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004D1617
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 004D161E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1592001646-0
                                                                                                                                                                                                                                                    • Opcode ID: e82502b35e64b1e438c84ca26e14e0e275b8806c5beb2c780c0445ae6aeabcdb
                                                                                                                                                                                                                                                    • Instruction ID: 9474767b917c96a3c0f54332ca0b4f163dbd3a3136632fbb70c8becb89e81a70
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e82502b35e64b1e438c84ca26e14e0e275b8806c5beb2c780c0445ae6aeabcdb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D217A31E00108BBDB10DFA4C964BEEB7B8EF41344F08445AE801A7351D738AA44DB54
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 0050280A
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00502824
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00502832
                                                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00502840
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2169480361-0
                                                                                                                                                                                                                                                    • Opcode ID: 933f6ca83a374f81b4f8f782bd197f09ab18c15db3cfd04f19ee9326f405ab33
• Instruction ID: 7bd126078a3cefca93c90deef36fcb885d3c259b2344b098f57d6112ff2c4149
• Opcode Fuzzy Hash: 933f6ca83a374f81b4f8f782bd197f09ab18c15db3cfd04f19ee9326f405ab33
• Instruction Fuzzy Hash: 48219235204511AFD7149B24CC49FAE7F95FF86328F148259F4168B6D2CB75EC42CB90
APIs
  • Part of subcall function 004D8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,004D790A,?,000000FF,?,004D8754,00000000,?,0000001C,?,?), ref: 004D8D8C
  • Part of subcall function 004D8D7D: lstrcpyW.KERNEL32(00000000,?,?,004D790A,?,000000FF,?,004D8754,00000000,?,0000001C,?,?,00000000), ref: 004D8DB2
  • Part of subcall function 004D8D7D: lstrcmpiW.KERNEL32(00000000,?,004D790A,?,000000FF,?,004D8754,00000000,?,0000001C,?,?), ref: 004D8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,004D8754,00000000,?,0000001C,?,?,00000000), ref: 004D7923
• lstrcpyW.KERNEL32(00000000,?,?,004D8754,00000000,?,0000001C,?,?,00000000), ref: 004D7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,004D8754,00000000,?,0000001C,?,?,00000000), ref: 004D7984
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 23087d39a233b4e88db47fa236555c7ba9b0884de9adaab2030c7146a17d97d7
• Instruction ID: 5333883b56efdce0d84d8489e49410c7bbecbccee287ae619aa650377a2f3903
• Opcode Fuzzy Hash: 23087d39a233b4e88db47fa236555c7ba9b0884de9adaab2030c7146a17d97d7
• Instruction Fuzzy Hash: 7711E17A200202ABDB15AF35C865D7B77A9FF95350B00402FE802C73A4FB359811D7A5
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00507D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00507D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00507D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,004EB7AD,00000000), ref: 00507D6B
  • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: c9470bd8b05d178747355ead316c9d1fac6697384d1a8ec4d089cefea80b7a09
• Instruction ID: f1e4c5e980581f1afd89b1f2ffea2d373306eba48a223c0db991d310be7c9f9c
• Opcode Fuzzy Hash: c9470bd8b05d178747355ead316c9d1fac6697384d1a8ec4d089cefea80b7a09
• Instruction Fuzzy Hash: 57119036A05A19AFDB109F28CC04AAE3FA5BF4A364B154724F835C72F0E731AD55DB90
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 005056BB
• _wcslen.LIBCMT ref: 005056CD
• _wcslen.LIBCMT ref: 005056D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00505816
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 751906479a1ef02511351bea3f46b4239fa61e9e11ae0a15e083a4708dabc226
• Instruction ID: 489712bd4dd4086509403b2f4d8498c6c998ad378e6b48a002eaaaef68b9f4e3
• Opcode Fuzzy Hash: 751906479a1ef02511351bea3f46b4239fa61e9e11ae0a15e083a4708dabc226
• Instruction Fuzzy Hash: A311B175A00608A6DF209F65CC85AEF7FACFF11764B10492AF915D60C1FBB08A85CF64
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4d2b8d09281844b2a1a8ebc586328283dec7d837f6ed9fd3555289e7e553dbb7
• Instruction ID: aa29e6bbd22e598ac87ea4b75d3bcb8bec5e560ef765a8368719be0bfaabfbc9
• Opcode Fuzzy Hash: 4d2b8d09281844b2a1a8ebc586328283dec7d837f6ed9fd3555289e7e553dbb7
• Instruction Fuzzy Hash: 8F01A2F26056163EF61116796CC0F6B661CDFA37B8F30032BF521612E2DB68AC005168
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 004D1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004D1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004D1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004D1A8A
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: ef7b579605f6fc50fcac04b51c7b9c49b61497b16a837d473784dc065b06b717
• Instruction ID: d2b2efb1bc23fd7477027cba018b5f064448d397c187d62e61fbf3b5b80eb812
• Opcode Fuzzy Hash: ef7b579605f6fc50fcac04b51c7b9c49b61497b16a837d473784dc065b06b717
• Instruction Fuzzy Hash: A0113C3AD01219FFEB10DBA5CD85FADBB78EB04750F200092EA00B7390D6716E51DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 004DE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 004DE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 004DE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004DE24D
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: fa8f685b5c6c6b9a83f37e4794b73fe8742353191f437fa267da49a9f15e7536
• Instruction ID: 306dd5f3d252184b89116ff48e473c38c1f5cf7e67ef5e31ddcff319bf2d97e6
• Opcode Fuzzy Hash: fa8f685b5c6c6b9a83f37e4794b73fe8742353191f437fa267da49a9f15e7536
• Instruction Fuzzy Hash: FB114876904204BBC701AFA89C09ADF3FAC9B56314F00475BF815D3380C274C90887A4
APIs
• CreateThread.KERNEL32(00000000,?,0049CFF9,00000000,00000004 (CREATE_SUSPENDED),00000000), ref: 0049D218
• GetLastError.KERNEL32 ref: 0049D224
• __dosmaperr.LIBCMT ref: 0049D22B
• ResumeThread.KERNEL32(00000000), ref: 0049D249
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 52403ba76b26b500478f9e1b5c662ae5b1faa6f90211a25cab2c34815f282dc4
• Instruction ID: fa93a1a7eddb8fabc711698b31017abfb24713a5bfae00b9b3f266529ed2f115
• Opcode Fuzzy Hash: 52403ba76b26b500478f9e1b5c662ae5b1faa6f90211a25cab2c34815f282dc4
• Instruction Fuzzy Hash: AC012636C041047BCF105BA6DC09BAF7E68DF92734F20037AF924921D0CB75C905D6A5
APIs
  • Part of subcall function 00489BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00489BB2
• GetClientRect.USER32(?,?), ref: 00509F31
• GetCursorPos.USER32(?), ref: 00509F3B
• ScreenToClient.USER32(?,?), ref: 00509F46
• DefDlgProcW.USER32(?,00000020 (WM_SETCURSOR),?,00000000,?,?,?), ref: 00509F7A
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 1737f0da3fa038c7a55d0a283c2c2cc59bdf683d91e30e571c218d989c8e7712
• Instruction ID: 57397807e4c49e7c527e30c94945b957ca8ceae601347ccfb024405988ecb6a0
• Opcode Fuzzy Hash: 1737f0da3fa038c7a55d0a283c2c2cc59bdf683d91e30e571c218d989c8e7712
• Instruction Fuzzy Hash: 0B11573690011AABDB11EFA8D8899EE7BB8FB46311F000555F902E3182D730BA85DBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0047604C
• GetStockObject.GDI32(00000011 (DEFAULT_GUI_FONT)), ref: 00476060
• SendMessageW.USER32(00000000,00000030 (WM_SETFONT),00000000), ref: 0047606A
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 38960b4781829320b88dd0ee7892d076d5ede30cda47fecaa084ba8345261fa5
• Instruction ID: c46a218b3cbb44fd310671bfa8e50f29648eafbc8147e3b24ed94f81f54e23f5
• Opcode Fuzzy Hash: 38960b4781829320b88dd0ee7892d076d5ede30cda47fecaa084ba8345261fa5
• Instruction Fuzzy Hash: DF118E72501948BFEF128FA48C44AEB7F6EEF19364F014206FA0952110C7369C60EBA4
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00493B56
  • Part of subcall function 00493AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00493AD2
  • Part of subcall function 00493AA3: ___AdjustPointer.LIBCMT ref: 00493AED
• _UnwindNestedFrames.LIBCMT ref: 00493B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00493B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00493BA4
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
                                                                                                                                                                                                                                                    • API String ID: 737400349-0
                                                                                                                                                                                                                                                    • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                    • Instruction ID: 209a29e206ecbf9a4780cbb33f4e4ea74cb1ea8878f9a4d5130c0b32391a810b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3012D32100148BBDF116E96CC42DEB3F69EF89759F04402AFE4856121C73AE961DBA4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,004713C6,00000000,00000000,?,004A301A,004713C6,00000000,00000000,00000000,?,004A328B,00000006,FlsSetValue), ref: 004A30A5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,004A301A,004713C6,00000000,00000000,00000000,?,004A328B,00000006,FlsSetValue,00512290,FlsSetValue,00000000,00000364,?,004A2E46), ref: 004A30B1
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004A301A,004713C6,00000000,00000000,00000000,?,004A328B,00000006,FlsSetValue,00512290,FlsSetValue,00000000), ref: 004A30BF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                                                                                                                    • Opcode ID: 488b4e5841da04aba90f70302abb48f5e2c190e79aa25287ebe038bd39f084eb
                                                                                                                                                                                                                                                    • Instruction ID: 3e8cd8b31910d7c1b0a1f884b656025b5cd7aecbe891e01ac904d9abf37b88cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 488b4e5841da04aba90f70302abb48f5e2c190e79aa25287ebe038bd39f084eb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1012036309223ABC7314F799C449577F989F27BA2B200721F945D7284E725DD05C6D4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 004D747F
                                                                                                                                                                                                                                                    • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 004D7497
                                                                                                                                                                                                                                                    • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 004D74AC
                                                                                                                                                                                                                                                    • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 004D74CA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1352324309-0
                                                                                                                                                                                                                                                    • Opcode ID: be371e2fb92e95eb15eec9da0a1c078c4efe5be1517a9ee19591639a6a320c61
                                                                                                                                                                                                                                                    • Instruction ID: f44b2dc983695c52e95fe467599e08c40306c76571b24690b39706d59e2c81c1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be371e2fb92e95eb15eec9da0a1c078c4efe5be1517a9ee19591639a6a320c61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4711ADB1205310ABE7218F14DD18B96BFFCEB00B00F10856BE616D6291E7B4E908DB65
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,004DACD3,?,00008000), ref: 004DB0C4
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,004DACD3,?,00008000), ref: 004DB0E9
                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,004DACD3,?,00008000), ref: 004DB0F3
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,004DACD3,?,00008000), ref: 004DB126
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2875609808-0
                                                                                                                                                                                                                                                    • Opcode ID: a915cb531952a710d8e6f7436c3f9145f2638595941223e6d61583912073e66f
                                                                                                                                                                                                                                                    • Instruction ID: 4f9b6c24cbd0051c340ba3ad96af41164ff47be82c7365c20d6efa2a74eb7caf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a915cb531952a710d8e6f7436c3f9145f2638595941223e6d61583912073e66f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24117930C00628E7CF00AFA4E9696EEBF78FF5A310F024187D941B2281CB388650DB99
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00507E33
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00507E4B
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00507E6F
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00507E8A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 357397906-0
                                                                                                                                                                                                                                                    • Opcode ID: beaa71c6a64e49b4ff6c06d70b62fa079ab1795947dad68a6f75c6dc94c1a0af
                                                                                                                                                                                                                                                    • Instruction ID: 80c26652aaf5f1938aae09de841a51235d47b45cff194cde2543bcfdf4d8cffe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: beaa71c6a64e49b4ff6c06d70b62fa079ab1795947dad68a6f75c6dc94c1a0af
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E91163B9D0020AAFDB41CFA8C8849EEBBF9FB19310F104156E911E2250D735AA54DF90

APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004D2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 004D2DD6
• GetCurrentThreadId.KERNEL32 ref: 004D2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 004D2DE4
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: de14a43c23b3650d14057cbe9ec353f43483e1cd781910492b10c6c478f162ae
• Instruction ID: 86a02e78602ea6a00fe86a1d750f12f8936d0576c0bfee0c075739c6a9bb0115
• Opcode Fuzzy Hash: de14a43c23b3650d14057cbe9ec353f43483e1cd781910492b10c6c478f162ae
• Instruction Fuzzy Hash: 86E092711012247BD7301B769D0DFEF3E6DEF67BA1F000216F105D11809AE5C849D6B0

APIs
  • Part of subcall function 00489639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00489693
  • Part of subcall function 00489639: SelectObject.GDI32(?,00000000), ref: 004896A2
  • Part of subcall function 00489639: BeginPath.GDI32(?), ref: 004896B9
  • Part of subcall function 00489639: SelectObject.GDI32(?,00000000), ref: 004896E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00508887
• LineTo.GDI32(?,?,?), ref: 00508894
• EndPath.GDI32(?), ref: 005088A4
• StrokePath.GDI32(?), ref: 005088B2
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: f9d1f536832700cbac5cc545374c5cbba6771126aa8b5119a869fb19f81808da
• Instruction ID: 2802116e433819ab0bed7912e66560cc05b406dc924aea3ea700e9aa2c72ca28
• Opcode Fuzzy Hash: f9d1f536832700cbac5cc545374c5cbba6771126aa8b5119a869fb19f81808da
• Instruction Fuzzy Hash: B7F0BE36001618FAEB122F94AC1DFDE3F59AF27310F048100FA01610E1C7740555EFE9

APIs
• GetSysColor.USER32(00000008), ref: 004898CC
• SetTextColor.GDI32(?,?), ref: 004898D6
• SetBkMode.GDI32(?,00000001), ref: 004898E9
• GetStockObject.GDI32(00000005), ref: 004898F1
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 84472086304ab89452feb30f22fcb888483769fa3f0649adc1672d7404b4ffd1
• Instruction ID: bfe2c02c4be4de752a5dda343fdf27c3716dac92283d021dd98d1e5c90e7efce
• Opcode Fuzzy Hash: 84472086304ab89452feb30f22fcb888483769fa3f0649adc1672d7404b4ffd1
• Instruction Fuzzy Hash: 44E06D31244680AFDB215B74AC09BED3F20AB22336F08831AFAFA581E1C3754654EF10

APIs
• GetCurrentThread.KERNEL32 ref: 004D1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,004D11D9), ref: 004D163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004D11D9), ref: 004D1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,004D11D9), ref: 004D164F
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 13bf4db5ee36f1e80f2c08d55ca3a5f1d70d43eff77e42e5b49e3313ecc5de43
• Instruction ID: f7a5bba521d1b659608fcec85f697eca37bac840cc7ecd7e212868b0784a73fd
• Opcode Fuzzy Hash: 13bf4db5ee36f1e80f2c08d55ca3a5f1d70d43eff77e42e5b49e3313ecc5de43
• Instruction Fuzzy Hash: 30E08631601211EBE7301FA09D1DB8F3F7CAF66791F148909F646C9090D6388448D754
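Reading these API chains as behaviour rather than as a list of names is the triage step. The script below is an added example, not part of the Joe Sandbox report and not AutoIt or malware code: it parses "APIs" lines copied from the function blocks in this part of the report (embedded inline as constructed input), decodes the standard Win32 constants they carry (GetDeviceCaps index 0xC is BITSPIXEL, GetSysColor 8 is COLOR_WINDOWTEXT, GetStockObject 5 is NULL_BRUSH, SetBkMode 1 is TRANSPARENT, SendMessageTimeoutW flag 2 is SMTO_ABORTIFHUNG with a 0x1388 = 5000 ms timeout, access mask 0x28 is TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES) and groups the calls into behaviour categories. The category names, and the reading of the value shown on GetCurrentProcess as the DesiredAccess already pushed for the following OpenProcessToken, are the example's own interpretation, not something the report states.

```python
"""Triage helper for Joe Sandbox function "APIs" listings (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed input: "APIs" lines copied from the function blocks of this report.
SAMPLE_APIS = """\
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004D2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 004D2DD6
• GetCurrentThreadId.KERNEL32 ref: 004D2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 004D2DE4
• GetCurrentThread.KERNEL32 ref: 004D1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,004D11D9), ref: 004D163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004D11D9), ref: 004D1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,004D11D9), ref: 004D164F
• GetDesktopWindow.USER32 ref: 004CD858
• GetDC.USER32(00000000), ref: 004CD862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 004CD882
• ReleaseDC.USER32(?), ref: 004CD8A3
  • Part of subcall function 00489639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00489693
• GetSysColor.USER32(00000008), ref: 004898CC
• SetBkMode.GDI32(?,00000001), ref: 004898E9
• GetStockObject.GDI32(00000005), ref: 004898F1
"""

# One report line: optional "Part of subcall function X:" prefix, Api.MODULE, optional (args), ref: addr
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Standard Win32 constants for the arguments a triager cares about: (api, arg index) -> {value: name}
NAMED_ARGS = {
    ("GetDeviceCaps", 1): {8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL", 14: "PLANES",
                           88: "LOGPIXELSX", 90: "LOGPIXELSY"},
    ("GetSysColor", 0): {5: "COLOR_WINDOW", 8: "COLOR_WINDOWTEXT", 13: "COLOR_HIGHLIGHT", 15: "COLOR_BTNFACE"},
    ("GetStockObject", 0): {0: "WHITE_BRUSH", 4: "BLACK_BRUSH", 5: "NULL_BRUSH", 17: "DEFAULT_GUI_FONT"},
    ("SetBkMode", 1): {1: "TRANSPARENT", 2: "OPAQUE"},
    ("SendMessageTimeoutW", 4): {0: "SMTO_NORMAL", 1: "SMTO_BLOCK", 2: "SMTO_ABORTIFHUNG",
                                 8: "SMTO_NOTIMEOUTIFNOTHUNG"},
}
TOKEN_ACCESS = [(0x1, "TOKEN_ASSIGN_PRIMARY"), (0x2, "TOKEN_DUPLICATE"), (0x4, "TOKEN_IMPERSONATE"),
                (0x8, "TOKEN_QUERY"), (0x10, "TOKEN_QUERY_SOURCE"), (0x20, "TOKEN_ADJUST_PRIVILEGES"),
                (0x40, "TOKEN_ADJUST_GROUPS"), (0x80, "TOKEN_ADJUST_DEFAULT"), (0x100, "TOKEN_ADJUST_SESSIONID")]
# Category names are this example's own labels, not Joe Sandbox signature names.
CATEGORIES = {
    "cross-thread input attach": {"AttachThreadInput", "GetWindowThreadProcessId", "SendMessageTimeoutW"},
    "access token handling": {"OpenThreadToken", "OpenProcessToken"},
    "display capability query": {"GetDeviceCaps"},
    "gui drawing": {"ExtCreatePen", "BeginPath", "EndPath", "StrokePath", "MoveToEx", "LineTo",
                    "GetSysColor", "SetTextColor", "SetBkMode", "GetStockObject"},
}

@dataclass
class Call:
    api: str
    module: str
    args: list                 # int for hex values, None for '?' (unknown to the analyser)
    ref: int                   # call-site address
    subcall_of: int | None = None

def parse_calls(text: str) -> list[Call]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if not raw else [None if a == "?" else int(a, 16) for a in raw.split(",")]
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16), sub))
    return calls

def decode_token_access(mask: int) -> list[str]:
    return [name for bit, name in TOKEN_ACCESS if mask & bit]

def decode_arg(api: str, idx: int, value: int | None) -> str | None:
    if value is None:
        return None
    return NAMED_ARGS.get((api, idx), {}).get(value)

def annotate(calls: list[Call]) -> list[str]:
    """One readable line per call with decoded constants."""
    out = []
    for i, c in enumerate(calls):
        notes = [n for n in (decode_arg(c.api, k, v) for k, v in enumerate(c.args)) if n]
        if c.api == "SendMessageTimeoutW" and len(c.args) > 5 and c.args[5] is not None:
            notes.append(f"timeout={c.args[5]}ms")
        # Assumption: GetCurrentProcess takes no parameters, so the first value the report shows
        # there is the stack slot already pushed for the next call; when that call is
        # OpenProcessToken, the slot is its DesiredAccess mask.
        if (c.api == "GetCurrentProcess" and c.args and c.args[0] is not None
                and i + 1 < len(calls) and calls[i + 1].api == "OpenProcessToken"):
            notes.append("pending OpenProcessToken access=" + "|".join(decode_token_access(c.args[0])))
        prefix = f"[sub {c.subcall_of:08X}] " if c.subcall_of is not None else ""
        out.append(f"{prefix}{c.ref:08X} {c.api} {', '.join(notes)}".rstrip())
    return out

def categorize(calls: list[Call]) -> dict[str, list[str]]:
    groups: dict[str, list[str]] = {}
    for c in calls:
        for name, apis in CATEGORIES.items():
            if c.api in apis:
                groups.setdefault(name, []).append(c.api)
    return groups

if __name__ == "__main__":
    parsed = parse_calls(SAMPLE_APIS)
    for line in annotate(parsed):
        print(line)
    for cat, apis in categorize(parsed).items():
        print(f"{cat}: {sorted(set(apis))}")
```

Run it against the full "APIs" listing of a report to see at a glance which functions touch tokens or attach to foreign input queues and which are plain GUI painting; extend NAMED_ARGS with further (api, index) tables as needed.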
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 004CD858
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004CD862
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 004CD882
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?), ref: 004CD8A3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 004CD86C
• GetDC.USER32(00000000), ref: 004CD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 004CD882
• ReleaseDC.USER32(?), ref: 004CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
  • Part of subcall function 00477620: _wcslen.LIBCMT ref: 00477625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 004E4ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
APIs
• __startOneArgErrorHandling.LIBCMT ref: 0049E30D
Strings
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
APIs
• CharUpperBuffW.USER32(004C569E,00000000,?,0050CC08,?,00000000,00000000), ref: 004F78DD
  • Part of subcall function 00476B57: _wcslen.LIBCMT ref: 00476B6A
• CharUpperBuffW.USER32(004C569E,00000000,?,0050CC08,00000000,?,00000000,00000000), ref: 004F783B
Strings
Similarity
• API ID: BuffCharUpper$_wcslen
• String ID: <sS
• API String ID: 3544283678-608235421
Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: #
                                                                                                                                                                                                                                                    • API String ID: 0-1885708031
                                                                                                                                                                                                                                                    • Opcode ID: 0312af9db05bdb50695976d0ca659d59d6863f25dc885ab0a535c1e0e9a71616
                                                                                                                                                                                                                                                    • Instruction ID: 9afcac31837af34bee05f41cee5d269aaa621952fc66658333eece2983072619
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0312af9db05bdb50695976d0ca659d59d6863f25dc885ab0a535c1e0e9a71616
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 245101395012469FDB15EF2AC081ABF7BA4EF25310F24849BE8519B280D7389D43DBA9
APIs
• Sleep.KERNEL32(00000000), ref: 0048F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0048F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: f023a8431b82efb26751bd710754f659b63cddf6f7dbcd0e01b68a77542c864f
• Instruction ID: 65d2deaec5a193f4811e42b92a8c2e194c7f5e9e37c3aeb838f2015bbd054ea7
• Opcode Fuzzy Hash: f023a8431b82efb26751bd710754f659b63cddf6f7dbcd0e01b68a77542c864f
• Instruction Fuzzy Hash: 395147714087449BD320AF21DC86BAFBBF8FF95304F81885EF1D9411A5EB348529CB6A
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 004F57E0
• _wcslen.LIBCMT ref: 004F57EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 11afd2b138fb27a0b177cdb5b75f8fa509ea652664b500285be3047403b0ed9a
• Instruction ID: 69aea94d1a4c638770bdcd78180282c064fe72e92f66ca7b5e9b74f3bc4ae27b
• Opcode Fuzzy Hash: 11afd2b138fb27a0b177cdb5b75f8fa509ea652664b500285be3047403b0ed9a
• Instruction Fuzzy Hash: 02419071A001099FCB14EFAAC8818BEBBF5FF59354F10416EE605A7391E7389D91CB94
APIs
• _wcslen.LIBCMT ref: 004ED130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 004ED13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 042f4baad2f423c78d3ce96988ca1269f0b10041e513ab2ef6682b26fa45d346
• Instruction ID: d6183997417122ba1cafdfe91e4302d21e42cbc8bad5e2fda55d4893de3da591
• Opcode Fuzzy Hash: 042f4baad2f423c78d3ce96988ca1269f0b10041e513ab2ef6682b26fa45d346
• Instruction Fuzzy Hash: 3B312D71D00209ABCF15EFA6CC85AEEBFBAFF04344F00405AF819A6261D735A916DB65
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00503621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0050365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: 22f8b853b7e6c315160a45f4c560968b0ddbb7080a1e31ff5d468270a18ba59e
• Instruction ID: c12ed96ac37baf872556bd1227cbb851e6c2240abb9bd1c7bbd59bd9a295890e
• Opcode Fuzzy Hash: 22f8b853b7e6c315160a45f4c560968b0ddbb7080a1e31ff5d468270a18ba59e
• Instruction Fuzzy Hash: 9631AB71100604AADB209F28DC80EFF7BADFF89724F10861DF8A597290DB31AD81D760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0050461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00504634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: ed8170a35c72133cde5dcb1d2f495f796a22df054b7387e99a751416f4ad2023
• Instruction ID: 3293873b1adc1c2a63a408741b71807f8db5da41ba034746893a96973ca3ce5d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed8170a35c72133cde5dcb1d2f495f796a22df054b7387e99a751416f4ad2023
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC3138B4A013099FDB14CFA9C981BEE7BB5FF49300F10406AEA05AB381E771A941DF90
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0050327C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00503287
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID: Combobox
                                                                                                                                                                                                                                                    • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                    • Opcode ID: 5341cd2eb6760b68016fb7a5ded453b34a3baf7606ab8268493da8441accd93a
                                                                                                                                                                                                                                                    • Instruction ID: 9042935a785756639037338ba7ed73597d1e9aba51e5e6c2d31f3c371dec3fd7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5341cd2eb6760b68016fb7a5ded453b34a3baf7606ab8268493da8441accd93a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D119D7520020A7FEF219F94DC85EBF3BAEFB983A4F104629F9189B2D0D6319D519760
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0047600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0047604C
                                                                                                                                                                                                                                                      • Part of subcall function 0047600E: GetStockObject.GDI32(00000011), ref: 00476060
                                                                                                                                                                                                                                                      • Part of subcall function 0047600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0047606A
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0050377A
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000012), ref: 00503794
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                    • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                    • Opcode ID: 6f31b98081439d9ad5aece0e11fc86c8a18d222007c5443cdc6cf85abac9b32d
                                                                                                                                                                                                                                                    • Instruction ID: ddbb7c403a2979b60ae226a95209f8652772d97a1844296c7b9bcc66db44513e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f31b98081439d9ad5aece0e11fc86c8a18d222007c5443cdc6cf85abac9b32d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C1129B2610209AFDB00DFA8CC46EEE7BB8FB09314F004A15F955E2291E735E9559B50
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004ECD7D
                                                                                                                                                                                                                                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 004ECDA6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                    • String ID: <local>
                                                                                                                                                                                                                                                    • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                    • Opcode ID: 308364c41fb1c6cda640eeb1696add7ffaed513d51db367ddc341b9a15df1514
                                                                                                                                                                                                                                                    • Instruction ID: ea7d68b69f46d3cc6d858f0ef712806274b8828c0e3d25269c13e92b4d745ec7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 308364c41fb1c6cda640eeb1696add7ffaed513d51db367ddc341b9a15df1514
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F110671241671BAD7344B678C84EF7BEACEF127A5F00422BB10983180D3799846D6F4
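The records above list, per function, the Win32 calls Joe Sandbox traced with their arguments as raw hex, so the selector constants are left for the reader: the two SendMessageW calls with 0x143 and 0x14E are CB_ADDSTRING and CB_SETCURSEL (matching the "Combobox" string), the subcall's 0x30 is WM_SETFONT after GetStockObject(0x11 = DEFAULT_GUI_FONT), 0xB1 further down is EM_SETSEL, and InternetSetOptionW with option 0x32 and an 8-byte buffer is INTERNET_OPTION_CONNECTED_STATE taking an INTERNET_CONNECTED_INFO structure, with "<local>" being the usual proxy-bypass string. Those are Windows SDK values. The following is an added triage script, not part of the report or of Joe Sandbox: it parses records in this text layout, names the constants it knows, and flags records that touch a network DLL so a reviewer reads those first. The four-record sample is constructed from the entries on this page; the constant tables cover only the values seen here.

```python
"""Parse a Joe Sandbox report's per-function "APIs" / "String ID" records and
name the raw Win32 constants in the traced arguments. Added triage example,
not part of the report or of Joe Sandbox; constant values are from the
Windows SDK headers."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the report's text layout (four abridged records).
SAMPLE = """\
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0050327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00503287
Similarity
• String ID: Combobox
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004ECD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 004ECDA6
Similarity
• String ID: <local>
APIs
  • Part of subcall function 0047600E: GetStockObject.GDI32(00000011), ref: 00476060
  • Part of subcall function 0047600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0047606A
• GetSysColor.USER32(00000012), ref: 00503794
Similarity
• String ID: static
APIs
• CharUpperBuffW.USER32(?,?,?), ref: 004D6CB6
• _wcslen.LIBCMT ref: 004D6CC2
"""

WINDOW_MESSAGES = {0x0030: "WM_SETFONT", 0x00B1: "EM_SETSEL",
                   0x0143: "CB_ADDSTRING", 0x014E: "CB_SETCURSEL"}
INTERNET_OPTIONS = {0x32: "INTERNET_OPTION_CONNECTED_STATE"}  # 8-byte INTERNET_CONNECTED_INFO
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}
SYS_COLORS = {0x12: "COLOR_BTNTEXT"}
NETWORK_MODULES = {"WININET", "WINHTTP", "WS2_32"}

# "<name>.<module>(<args>), ref: <addr>"; LIBCMT entries carry no argument list.
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\),)?\s*ref: (?P<ref>[0-9A-Fa-f]+)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    subcall: Optional[str] = None  # callee address when the call was traced inside a subcall

@dataclass
class Entry:
    calls: list = field(default_factory=list)
    string_id: str = ""

def parse_entries(text: str) -> list:
    """Each 'APIs' header opens a record; bullets until the next one belong to it."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":
            entries.append(Entry())
        elif line.startswith("String ID:") and entries:
            entries[-1].string_id = line[len("String ID:"):].strip()
        elif entries and (m := CALL_RE.match(line)):
            args = m["args"].split(",") if m["args"] is not None else []
            entries[-1].calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
    return entries

def decode_call(call: ApiCall) -> Optional[str]:
    """Name the selector constant of a call, or None when it is unknown or traced as '?'."""
    selector = {"SendMessageW": (1, WINDOW_MESSAGES), "InternetSetOptionW": (1, INTERNET_OPTIONS),
                "GetStockObject": (0, STOCK_OBJECTS), "GetSysColor": (0, SYS_COLORS)}.get(call.name)
    if selector is None:
        return None
    index, names = selector
    try:
        return names.get(int(call.args[index], 16))
    except (IndexError, ValueError):
        return None

def network_capable(entries: list) -> list:
    """Indices of records that call into a network DLL: the ones to read first."""
    return [i for i, e in enumerate(entries) if any(c.module in NETWORK_MODULES for c in e.calls)]

def triage(text: str) -> list:
    """One line per record: '!' marks network use, then string id and decoded calls."""
    entries = parse_entries(text)
    net = set(network_capable(entries))
    return [f"{'!' if i in net else ' '} {e.string_id or '-'}: "
            + ", ".join(f"{c.name}[{decode_call(c) or '?'}]" for c in e.calls)
            for i, e in enumerate(entries)]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Feed it the raw text of the function-analysis section and the WININET record surfaces first; extend the constant tables as other selectors show up. Arguments the sandbox could not resolve appear as "?" in the trace and decode to nothing rather than to a wrong name, so an unnamed call is a gap in the trace, not evidence of a benign value.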
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 005034AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005034BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: a00a0190d8d3397b208bb0e5af7008f19741bed7f0164c74fa382982f674df35
• Instruction ID: 5876c5717b8cbeac859390610dfb6b8097b38fc1a04cbaabe83b4e2ed4f1048c
• Opcode Fuzzy Hash: a00a0190d8d3397b208bb0e5af7008f19741bed7f0164c74fa382982f674df35
• Instruction Fuzzy Hash: 97116D71100108AAEF218F64DC48AEE3F6EFB15378F504724F9659B1D0C771DC559750
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
• CharUpperBuffW.USER32(?,?,?), ref: 004D6CB6
• _wcslen.LIBCMT ref: 004D6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                    • String ID: STOP
                                                                                                                                                                                                                                                    • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                    • Opcode ID: d2c3e6d448dfae1aa4d21ac2c2e7f23a83415d6db3fa9c80bfdc1bfdeeba3376
                                                                                                                                                                                                                                                    • Instruction ID: f8f310fe0b541de3047f15c0cc7b8107e5c876de9d44d6431942c0318c0d1053
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2c3e6d448dfae1aa4d21ac2c2e7f23a83415d6db3fa9c80bfdc1bfdeeba3376
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF0108326105268ACB209FBDEC608BF37A5EB61714702052BE45292391EB39D800C654
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 004D1D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: a8dc00e98e0c54d5149b342e343098bc25521e17109e4e12b2ea5958ea54359c
• Instruction ID: 6574ab9636bec86c99fe929bb9ede41b48c0e93ed07d098367c94f3a6ef60330
• Opcode Fuzzy Hash: a8dc00e98e0c54d5149b342e343098bc25521e17109e4e12b2ea5958ea54359c
• Instruction Fuzzy Hash: FE01F131610218ABCB08EBA4CC21CFE77A9FB12354B00060FE826673D1EB3869088665
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 004D1C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 74eabfe4b1028a39d3819f16fd77b787cbdeac6943152efbdd08147ba715180e
• Instruction ID: a555d5529fb8c18d5df1119a4f92564001356fe27cb19a603be1ba3bee9404d1
• Opcode Fuzzy Hash: 74eabfe4b1028a39d3819f16fd77b787cbdeac6943152efbdd08147ba715180e
• Instruction Fuzzy Hash: FE01A7757A11047ADF14EB91CD66DFF77A89B11744F14001FA80767392EA289E0886BA
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 004D1CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 77fc524515d2271c978df93c28825cbddc91f3970a4539113ba2cf5b47d268bd
• Instruction ID: 26764c05702b2d482d87787b7a0f635e3cd8914b8bec1be226e92b6eef0693c5
• Opcode Fuzzy Hash: 77fc524515d2271c978df93c28825cbddc91f3970a4539113ba2cf5b47d268bd
• Instruction Fuzzy Hash: 1F01A77175011476CB14EB95CA22EFF77A89B11744F14001BBC0677391EA299F09967A
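The four SendMessageW entries around 004D1C46, 004D1CC8, 004D1D4C and 004D1DD3 share the same shape: a subcall to 004D3CA7 reads the window class with GetClassNameW, the function carries the strings ComboBox and ListBox, and the uMsg argument is a Win32 list-box message constant from winuser.h (0x180 LB_ADDSTRING, 0x182 LB_DELETESTRING, 0x18B LB_GETCOUNT, 0x1A2 LB_FINDSTRINGEXACT). That is ordinary GUI list-control handling rather than anything hostile on its own, but reading raw hex uMsg values across dozens of such entries is tedious. The script below is an editor-added triage helper, not part of Joe Sandbox or of the sample: it parses the report's "APIs" bullets and names the message constants. The sample lines are copied from this report's listings; the constant table is limited to the messages seen here and their ComboBox equivalents, and anything outside it is reported as unknown rather than guessed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Bullets copied verbatim from the "APIs" listings of this report
# (the GetClassNameW / SendMessageW entries for the 004D1xxx functions).
REPORT_LINES: List[str] = [
    "  • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA",
    "• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 004D1D4C",
    "• SendMessageW.USER32(?,00000180,00000000,?), ref: 004D1C46",
    "• SendMessageW.USER32(?,00000182,?,00000000), ref: 004D1CC8",
    "• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 004D1DD3",
    "• CharUpperBuffW.USER32(?,?,?), ref: 004D6CB6",
]

# Win32 message constants from winuser.h. Only the ListBox messages this
# report exercises and their ComboBox twins are listed; any other uMsg is
# reported as unknown instead of being guessed.
LB_MESSAGES: Dict[int, str] = {
    0x180: "LB_ADDSTRING", 0x182: "LB_DELETESTRING",
    0x18B: "LB_GETCOUNT", 0x1A2: "LB_FINDSTRINGEXACT",
}
CB_MESSAGES: Dict[int, str] = {
    0x143: "CB_ADDSTRING", 0x144: "CB_DELETESTRING",
    0x146: "CB_GETCOUNT", 0x158: "CB_FINDSTRINGEXACT",
}

# One bullet of a Joe Sandbox "APIs" list:
#   [Part of subcall function <addr>: ]<Api>.<MODULE>(<args>), ref: <addr>
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)


def parse_api_line(line: str) -> Optional[dict]:
    """Parse one bullet; '?' arguments (unresolved by the analyzer) become None."""
    m = API_RE.search(line)
    if not m:
        return None
    args = [None if a.strip() == "?" else int(a, 16)
            for a in m["args"].split(",") if a.strip()]
    return {
        "api": m["api"], "module": m["mod"], "args": args,
        "ref": m["ref"].upper(),
        "subcall": m["sub"].upper() if m["sub"] else None,
    }


def decode_message(call: dict) -> Optional[str]:
    """Name the uMsg argument of a SendMessageW call; None for other APIs."""
    if call["api"] != "SendMessageW" or len(call["args"]) < 2 or call["args"][1] is None:
        return None
    msg = call["args"][1]
    return LB_MESSAGES.get(msg) or CB_MESSAGES.get(msg) or f"unknown 0x{msg:X}"


def summarise(lines: List[str]) -> List[Tuple[str, str]]:
    """(ref address, message name) for every SendMessageW bullet, in report order."""
    out: List[Tuple[str, str]] = []
    for line in lines:
        call = parse_api_line(line)
        if call is None:
            continue
        name = decode_message(call)
        if name is not None:
            out.append((call["ref"], name))
    return out


if __name__ == "__main__":
    for ref, name in summarise(REPORT_LINES):
        print(f"{ref}: {name}")
```

Feed it the "APIs" section of any Joe Sandbox report to get a ref-to-message table instead of raw hex. One caveat the report itself cannot settle: the analyzer prints immediates as shown, so the 000000FF wParam on the LB_FINDSTRINGEXACT call may be a literal 255 or a sign-extended -1 (search the whole list); confirm that in the disassembly before drawing conclusions from it.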
APIs
• __Init_thread_footer.LIBCMT ref: 0048A529
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%T$3yL
• API String ID: 2551934079-2271862204
• Opcode ID: 38b059b0c6298c5602fa2e9a328a1f6f6810988209a502e8589fcdff0974d8b0
• Instruction ID: 46f6908f009492206fbdc8dfaeb0ef9662b5fd6172f978f79a427208c8c95cdf
• Opcode Fuzzy Hash: 38b059b0c6298c5602fa2e9a328a1f6f6810988209a502e8589fcdff0974d8b0
• Instruction Fuzzy Hash: 2F01F7317006109BDA04F769E81BADD3764AB05718F90486FF5051B2C2DE986D458B9F
APIs
  • Part of subcall function 00479CB3: _wcslen.LIBCMT ref: 00479CBD
  • Part of subcall function 004D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 004D3CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 004D1DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                    • Opcode ID: e362d12a6609dffdf32d555658b72006ca91d8e318126df48bf28f33ec48129b
                                                                                                                                                                                                                                                    • Instruction ID: af95f547abf92d342eceb358ad1c6bdcab8baf16ab980386c66772c8d92c7bd6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e362d12a6609dffdf32d555658b72006ca91d8e318126df48bf28f33ec48129b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CDF0F471B502147ACB04FBA5CC62EFF7768AB12358F04091BB826673D1EB7869088269
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00543018,0054305C), ref: 005081BF
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 005081D1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                    • String ID: \0T
                                                                                                                                                                                                                                                    • API String ID: 3712363035-698854872
                                                                                                                                                                                                                                                    • Opcode ID: 1706f08ff3f4a660968fa67d14e6becaff6b6886baf0f96a6a81787d7c8cfd2b
                                                                                                                                                                                                                                                    • Instruction ID: 19bd0033aca8bf7d696bf4d1d80e2e84197ae5c9a8db11fb1c13e61524062e8d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1706f08ff3f4a660968fa67d14e6becaff6b6886baf0f96a6a81787d7c8cfd2b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FF054B5640700BAE7206761AC49FF73E9CEB26758F004525BF0CD51B1D67A8A04A2B8
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcslen
                                                                                                                                                                                                                                                    • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                    • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                    • Opcode ID: ded03ab3af687579fbb70f6d5579ad1def87ee6bc47c452452fcc7838da0a827
                                                                                                                                                                                                                                                    • Instruction ID: 8002c83da73897ee2a23f75c47720e1062d2c8398b35d68a5387739194e6484d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ded03ab3af687579fbb70f6d5579ad1def87ee6bc47c452452fcc7838da0a827
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37E02B42604224109231227BDCC1D7F5E89DFC9760710183FFA81C2366EA9C8D9293A8
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004D0B23
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                    • Opcode ID: 9d668db0a375e45927c3d46bcd88f56c1b85d7f96178b0d896897b5a33262829
                                                                                                                                                                                                                                                    • Instruction ID: 91d56a848d33f3215cdb8f7b814e9d99379462933178ee33346731378f17a7d7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d668db0a375e45927c3d46bcd88f56c1b85d7f96178b0d896897b5a33262829
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FE0D83224430866D6243795BC07F9D7FC49F06B55F10082FF758555C38AD5649046AD
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0048F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00490D71,?,?,?,0047100A), ref: 0048F7CE
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,0047100A), ref: 00490D75
                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0047100A), ref: 00490D84
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00490D7F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 542774e64a3db709d8b66baafeed87095a7d4fa2159f91ea5c33043131eca4d9
• Instruction ID: 0a1e33c3881ceffc0f83b1bb80dd29d7c1b6ad2c37427f674ae571813ac9c921
• Opcode Fuzzy Hash: 542774e64a3db709d8b66baafeed87095a7d4fa2159f91ea5c33043131eca4d9
• Instruction Fuzzy Hash: 35E092742007418FE7709FB9E40834A7FE4BF10748F008E3EE896C6A91DBB8E4489B95
APIs
• __Init_thread_footer.LIBCMT ref: 0048E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%T$8%T
• API String ID: 1385522511-773869289
• Opcode ID: 54d5919222a08e57e64ba4457752270f4dcb3611fb37bdc1fa55fdc9b8ad3608
• Instruction ID: 759fa26d1d994ccbdbcfdc75fc94971b8fa82ab541eff3acca12fec427cafa0b
• Opcode Fuzzy Hash: 54d5919222a08e57e64ba4457752270f4dcb3611fb37bdc1fa55fdc9b8ad3608
• Instruction Fuzzy Hash: 6EE02635500930CFCA04B71AB855ACC3791FB0632CF9005BBF9028F2D19B386C41A74D
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 004E302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 004E3044
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 19807a155fa7d6b9afd0f2e7ba0f5254b3aea5ed24051a6d720c139da0e76d28
• Instruction ID: 804e1f0558e7721f4e323c12be0e1c759b79a1c2cd20ef73b20706644177228a
• Opcode Fuzzy Hash: 19807a155fa7d6b9afd0f2e7ba0f5254b3aea5ed24051a6d720c139da0e76d28
• Instruction Fuzzy Hash: 3ED05E76500328B7DA20A7A4AC0EFCB3F6CDB06750F0002A1BA95E20D1DAB09988CAD0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: fd31ccc67d341200b88415bb40c948da5e7922a79d3b583b71a2068df5fef09b
• Instruction ID: 7e9c093df44165a1c4fb62dc994f7a265a1c21fed8ced6df3b2a4b8a3e4b64a8
• Opcode Fuzzy Hash: fd31ccc67d341200b88415bb40c948da5e7922a79d3b583b71a2068df5fef09b
• Instruction Fuzzy Hash: 5CD01D65C05109E5CBD0A7D0DC45EBDB77CFB19301F5044B7F80691040D63CD54A6757
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0050236C
• PostMessageW.USER32(00000000), ref: 00502373
  • Part of subcall function 004DE97B: Sleep.KERNEL32 ref: 004DE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 8bc96b0293c8a89b7be847570e70c10a469265dce5ac04e1bd2e37ff19cd8216
• Instruction ID: 25018df5915c0daca4c5d3ddcf92501acc5dc1918e88e979c5abe92bb13e75b5
• Opcode Fuzzy Hash: 8bc96b0293c8a89b7be847570e70c10a469265dce5ac04e1bd2e37ff19cd8216
• Instruction Fuzzy Hash: 45D0C9763813107AE678B7719C1FFCA6A18AB16B14F504A1A7645AE1D0C9A4A8058A58
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0050232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0050233F
  • Part of subcall function 004DE97B: Sleep.KERNEL32 ref: 004DE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
• Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_470000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: c9677b2fe2f4013330829423a679e13b89d987023842693d8a2aa32447de994d
• Instruction ID: 8a174a43cfe47c0967c27d4d31f33ef849b2fd720840e12c4afc92f06615d9f5
• Opcode Fuzzy Hash: c9677b2fe2f4013330829423a679e13b89d987023842693d8a2aa32447de994d
• Instruction Fuzzy Hash: 45D0C976395310B6E678B7719C1FFCA6E18AB11B14F104A1A7645AE1D0C9A4A8058A54
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 004ABE93
• GetLastError.KERNEL32 ref: 004ABEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004ABEFC
Memory Dump Source
• Source File: 00000000.00000002.1719328690.0000000000471000.00000020.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719308606.0000000000470000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.000000000050C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719429978.0000000000532000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719524085.000000000053C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1719555488.0000000000544000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_470000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1717984340-0
                                                                                                                                                                                                                                                    • Opcode ID: c9a95f6d6a52873fc01ef981bfdc46150c6ba8713fbbeb936c9cf8e35aecbe24
                                                                                                                                                                                                                                                    • Instruction ID: 87ca5586bb9e64aa981fab45ab94468d33369c883d9627caa51bfdc67cbd6109
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9a95f6d6a52873fc01ef981bfdc46150c6ba8713fbbeb936c9cf8e35aecbe24
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3412B34605206AFCF218F65CC54ABB7BA4DF67310F18416BF959D72A2DB348C01DB99